How do I match a newline in grok/logstash?

Question

I have a remote machine that combines multiline events and sends them across the lumberjack protocol.

What comes in is something that looks like this:

Answer 1

My final grok for Vertica log using (?m) and [^\n]+

match => ["message","(?m)%{TIMESTAMP_ISO8601:ClientTimestamp}%{SPACE}(%{DATA:Action}:)?(%{DATA:ThreadID} )?(\[%{DATA:Module}\] )?(\<%{DATA:Level}\> )?(\[%{DATA:SubAction}\] )?(@%{DATA:Nodename}:)?( (?(\{.*?\} )?.*?/.*?): )?(?[^\n]+)((\n)?(\t)?(?[^\n]+))?"]

Thanks to asperla

https://github.com/elastic/logstash/issues/2282