diff --git a/filter-10-header.conf b/filter-10-header.conf
index 87a4efa..426657a 100644
--- a/filter-10-header.conf
+++ b/filter-10-header.conf
@@ -1,7 +1,7 @@
 filter {
 grok {
- match => ["message", "%{TIMESTAMP_ISO8601:oracledate} %{GREEDYDATA:message}"]
+ match => ["message", "%{TIMESTAMP_ISO8601:oracledate}(\n)?%{SPACE}%{GREEDYDATA:message}"]
 tag_on_failure => ["_grokparsefailure", "oracle_header_failed"]
 id => "oracle_header"
 overwrite => "message"
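Review bot: On the added `match` line, `%{GREEDYDATA:message}` is `.*` and stops at the first line break unless the expression is prefixed with `(?m)`, so when the timestamp is followed by several lines, `overwrite => "message"` would keep only the first of them and drop the rest of the Oracle log entry without tagging a failure. If multi-line events do reach this filter (the optional `\n` suggests they do), consider `match => ["message", "(?m)%{TIMESTAMP_ISO8601:oracledate}%{SPACE}%{GREEDYDATA:message}"]`. The `(\n)?` is redundant, since `%{SPACE}` is `\s*` and already matches a newline, and it adds an unnamed capture group. The pattern is also unanchored, so a timestamp that appears later in the text can be taken as the header; a leading `\A` would pin it to the start of the event. The `grok` block closes outside the hunk, so any later options on it are not visible here.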