Problems with multiline extension in nxlog

Question

I have following logformat:

-- New Entry -------------------------
08:03:10 01.04.15  ncjhdnbchjbdc
08:03:10 jnkjsdncksjdnc
xd1: ndkjewnckjdwcndw
xd2: jncxkjdsnkjcndsqckjnc c cw djkcdnc cnd kj nc
08:03:10 dscsdcdsc

-- New Entry -------------------------
08:03:10 01.04.15  ncjhdnbchjbdc
08:03:10 jnkjsdncksjdnc
xd1: ndkjewnckjdwcndw
xd2: jncxkjdsnkjcndsqckjnc c cw djkcdnc cnd kj nc
08:03:10 dscsdcdsc

I want the complete entry in one line so i use the multiline extension:

<Extension multiline>
    Module  xm_multiline
    HeaderLine  /^--/
    EndLine " "
</Extension>

<Input in>
    Module  im_file
    File    "input.txt"
    SavePos TRUE
    ReadFromLast TRUE
    InputType   multiline   
    Exec    if $raw_event !~ /^--/ drop();
    Exec        $raw_event = replace($raw_event, "\r\n", ";");
</Input>
<Output out>
    Module  om_file
    File    "output.txt"
</Output>

<Route 1>
    Path    in => out
</Route>

The multiline extension works as expected for existing entries in the inputfile after start of nxlog. New entries are not correctly written in the output. Only the header will be written in the output. Has someone an idea of what iam doing wrong?

UPDATE: The PollInterval of the im_file seems to be the problem. I red following in the documentation of nxlog (section xm_multiline):

Note Until there is a new header read, the previous message is stored in the buffers because the module does not know where the message ends. The im_file module will forcibly flush this buffer after the configured PollInterval timeout. If this behaviour is unacceptable, consider using some kind of an encapsulation method (JSON, XML, RFC5425, etc) or use an end marker with EndLine if possible.

So, i use an end marker but it doesn't work. I tried different values for EndLine (regex: /^\s*$/ String: " ")

Answer 1

This line needs to be fixed.

Exec if $raw_event !~ /^--/ drop()

Should be

Exec if $raw_event =~ /^--/ drop()