Github user lvets commented on the issue:
https://github.com/apache/metron/pull/1184
So I talked @ottobackwards into initially adding this feature ð The
reason I asked for this improvement is that have a bunch of log files which
contain a relevant entry per line. I currently have to rely on 3rdparty tools
to split these logfiles into messages (where 1 log line == 1 message) before
sending them to Metron. I was hoping to just ingest the log and Metron would
take care of this.
To me, relying on 3rdparty tools for what I assume to be a normal use case
for a SIEM seems a bit strange.
---
