I have a REGEX configured (in transforms.conf) that works with my single line events, but appears to be failing on all multi-line events. Is there a special configuration necessary to get the REGEX to work on multi-line events?
Correct. The regex processor is unable to handle multi-line events without additional configuration. You'll need to tell it that the event is multi-line by using (?m) before the regular expression. For example:
Suggested change: "The regex processor is unable to handle multi-line events" may be more accurate as: "The regex processor handles multi-line events one line at a time."
