Any thoughts on getting this done?? I have explored multiple options.
option1: using MMA agent, the issue with MMA agent is that it will only send logs when the timestamp is changed and in our case the logs are not getting updated rather logs are stored in multiple files that are copied through a cron job to the log forwarder so MMA agent approach will not work (as far as i can see, how sure if there are workarounds)
option2: using logstash, I am able to get all the logs from the files however they are split in multiple strings/logs which the XML parser function is not able to parse so logstash option is not feasible either.
option3: filebeats, i see it has the option in documentation to split logs into multiple lines, however have to create regex n test it and not sure if this will even work so exploring any ideas in parallel.