Collapse long multiline entries in web interface

Long multiline entries in the search results from the web interface interfere with obtaining a quick overview of a problem seen in the logs across a federation of servers. This is quite notable in the case of log4j Java stack traces.

I recommend doing something similar to splunk which collapses longer lines down to just the first 3-5 lines. Via javascript, clicking on a link within the entry will expand the entry to show all of the lines.

====================
Background:

Splunk is obviously a very mature product and as such has lots of handy bells and whistles Logstash won't have overnight. This is one of the few simple features splunk has that seems to make a big difference in practice. An understanding of the typical use case helps demonstrate the problem.

In my scenario I am monitoring logs covering a federation of more than half a dozen interdependent Java based webservers and webservices using log4j logging. The first thing I do within the log analysis tool is search for WARN, ERROR and the like across all nodes within an environment. Whenever I see a problem I then pull out a request correlation id value from one of the log entries. The correlation id lets me easily search for all the log entries related to a particular inbound request that traveled through the various webservices involved. This typically results in several hits across the federation of servers some of which have lots of long nasty stacktraces. At first pass I am looking to see which services encountered a problem. Following that I then drill down on any particular log entries that will tell me more.

When trying to obtain an overall sense of the problem, having to page through multiple pages of search results with only a few large log entries each introduces a lot of noise. I still need the ability to see the all the details of any one entry, just not at first glance.