Regex для журналов, которые имеют несколько строк

Question

Я использую fluentd для пересылки журналов в службу Elasticsearch Service в AWS.Журналы приложений похожи на это, и я пытаюсь разобрать это с помощью синтаксического анализатора multi_format.в настоящее время он настроен на перехват всех журналов, не соответствующих регулярному выражению, в другое поле в ES.

    <pattern>
      format regexp
      expression /(?<log_line>.*)/
    </pattern>

Следующие журналы находятся в этом поле, поскольку ни одно из регулярных выражений не соответствует.

"20-Jun-2019 11:38:20] WARNING: [pool www] child 109 said into stdout: "EXCPT: /var/www/core/Router.php:85  Route not found./helloadmin 
[20-Jun-2019 11:38:20] WARNING: [pool www] child 109 said into stdout: " #0 /var/www/index.php(37): admin\core\Router::parse()"
"20-Jun-2019 11:38:41] WARNING: [pool www] child 108 said into stdout: "EXCPT: /var/www/core/Router.php:85  Route not found./test1 
[20-Jun-2019 11:38:41] WARNING: [pool www] child 108 said into stdout: " #0 /var/www/index.php(37): admin\core\Router::parse()"
"20-Jun-2019 11:38:56] WARNING: [pool www] child 111 said into stdout: "EXCPT: /var/www/core/Router.php:85  Route not found./test2 
[20-Jun-2019 11:38:56] WARNING: [pool www] child 111 said into stdout: " #0 /var/www/index.php(37): admin\core\Router::parse()"
"20-Jun-2019 11:39:09] WARNING: [pool www] child 109 said into stdout: "EXCPT: /var/www/core/Router.php:85  Route not found./test3 
[20-Jun-2019 11:39:09] WARNING: [pool www] child 109 said into stdout: " #0 /var/www/index.php(37): admin\core\Router::parse()"
"20-Jun-2019 11:40:11] WARNING: [pool www] child 109 said into stdout: "EXCPT: /var/www/core/Router.php:85  Route not found./edfdf 
[20-Jun-2019 11:40:11] WARNING: [pool www] child 109 said into stdout: " #0 /var/www/index.php(37): admin\core\Router::parse()"
"20-Jun-2019 11:45:40] WARNING: [pool www] child 108 said into stdout: "EXCPT: /var/www/core/DB.php:59  No such file or directory 
[20-Jun-2019 11:45:40] WARNING: [pool www] child 108 said into stdout: " #0 /var/www/core/DB.php(45): admin\core\DB->connect()"
[20-Jun-2019 11:45:40] WARNING: [pool www] child 108 said into stdout: "#1 /var/www/core/Container.php(93): admin\core\DB->__construct(Array)"
[20-Jun-2019 11:45:40] WARNING: [pool www] child 108 said into stdout: "#2 /var/www/core/Container.php(115): admin\core\Container::admin\core\{closure}()"
[20-Jun-2019 11:45:40] WARNING: [pool www] child 108 said into stdout: "#3 /var/www/core/Util.php(1144): admin\core\Container::getService('dbWriter')"
[20-Jun-2019 11:45:40] WARNING: [pool www] child 108 said into stdout: "#4 /var/www/core/Auth.php(30): admin\core\Util::updateAdminLogOut()"
[20-Jun-2019 11:45:40] WARNING: [pool www] child 108 said into stdout: "#5 /var/www/controllers/Dashboard.php(43): admin\core\Auth::checkSession()"
[20-Jun-2019 11:45:40] WARNING: [pool www] child 108 said into stdout: "#6 /var/www/index.php(47): admin\controllers\Dashboard->index(Array)"
"20-Jun-2019 11:45:54] WARNING: [pool www] child 111 said into stdout: "EXCPT: /var/www/core/DB.php:59  No such file or directory 
[20-Jun-2019 11:45:54] WARNING: [pool www] child 111 said into stdout: " #0 /var/www/core/DB.php(45): admin\core\DB->connect()"
[20-Jun-2019 11:45:54] WARNING: [pool www] child 111 said into stdout: "#1 /var/www/core/Container.php(93): admin\core\DB->__construct(Array)"
[20-Jun-2019 11:45:54] WARNING: [pool www] child 111 said into stdout: "#2 /var/www/core/Container.php(115): admin\core\Container::admin\core\{closure}()"
[20-Jun-2019 11:45:54] WARNING: [pool www] child 111 said into stdout: "#3 /var/www/core/Util.php(1144): admin\core\Container::getService('dbWriter')"
[20-Jun-2019 11:45:54] WARNING: [pool www] child 111 said into stdout: "#4 /var/www/core/Auth.php(30): admin\core\Util::updateAdminLogOut()"
[20-Jun-2019 11:45:54] WARNING: [pool www] child 111 said into stdout: "#5 /var/www/controllers/Users.php(2194): admin\core\Auth::checkSession()"
[20-Jun-2019 11:45:54] WARNING: [pool www] child 111 said into stdout: "#6 /var/www/index.php(47): admin\controllers\Users->getUserSnapshot(Array)"

Я нахожу способ разобрать их.Я попытался использовать параметр / m для многострочного и без него, но все не удается.Если вы не можете дать мне точное выражение, пожалуйста, дайте мне некоторую идею разобрать это.

Я пытался разделить журналы, используя дочерний номер - в данном случае 109/108/111 и т. Д., Но это не будет правильно, так как они перекрываются следующим образом:

"20-Jun-2019 11:45:56] WARNING: [pool www] child 114 said into stdout: "EXCPT: /var/www/core/DB.php:59  No such file or directory
[20-Jun-2019 11:45:56] WARNING: [pool www] child 114 said into stdout: " #0 /var/www/core/DB.php(45): admin\core\DB->connect()"
[20-Jun-2019 11:45:56] WARNING: [pool www] child 114 said into stdout: "#1 /var/www/core/Container.php(93): admin\core\DB->__construct(Array)"
[20-Jun-2019 11:45:56] WARNING: [pool www] child 114 said into stdout: "#2 /var/www/core/Container.php(115): admin\core\Container::admin\core\{closure}()"
[20-Jun-2019 11:45:56] WARNING: [pool www] child 114 said into stdout: "#3 /var/www/core/Util.php(1144): admin\core\Container::getService('dbWriter')"
[20-Jun-2019 11:45:56] WARNING: [pool www] child 114 said into stdout: "#4 /var/www/core/Auth.php(30): admin\core\Util::updateAdminLogOut()"
[20-Jun-2019 11:45:56] WARNING: [pool www] child 114 said into stdout: "#5 /var/www/controllers/Dashboard.php(43): admin\core\Auth::checkSession()"
[20-Jun-2019 11:45:56] WARNING: [pool www] child 114 said into stdout: "#6 /var/www/index.php(47): admin\controllers\Dashboard->index(Array)"
"20-Jun-2019 11:46:13] WARNING: [pool www] child 114 said into stdout: "EXCPT: /var/www/core/Router.php:85  Route not found./test
[20-Jun-2019 11:46:13] WARNING: [pool www] child 114 said into stdout: " #0 /var/www/index.php(37): admin\core\Router::parse()"

Дочерние номерато же самое, но это два разных события.Пожалуйста, обратите внимание на время.

Может кто-нибудь, пожалуйста, помогите.