https://community.splunk.com/t5/Splunk-Search/Single-line-of-regex-to-extract-multiple-fields/m-p/556367#M157998 <P>I am not sure what the question is here. Please can you explain further?</P> Fri, 18 Jun 2021 22:59:13 GMT ITWhisperer 2021-06-18T22:59:13Z https://community.splunk.com/t5/Splunk-Search/Single-line-of-regex-to-extract-multiple-fields/m-p/556353#M157989 <P>I've seen the TA Unified2 do this, one single line of regex pulling all relevant fields from snort logs.&nbsp; I'm wanting to do the same thing for some NetApp logs I have:</P><P>The regex101 URL is:&nbsp;&nbsp;<A href="https://regex101.com/r/zlhxN9/1/" target="_blank">https://regex101.com/r/zlhxN9/1/</A></P><P>It has pretty good test data.&nbsp; The first line is a very typical format.&nbsp; The second line has a doozy, when an operation is carried out there is a field between the "::" delimitators that is further broken up with "&lt;&gt;" delimitators.&nbsp;</P><P>I'm at a loss here as you can see in the regex101 URL.</P> Fri, 18 Jun 2021 17:28:16 GMT https://community.splunk.com/t5/Splunk-Search/Single-line-of-regex-to-extract-multiple-fields/m-p/556353#M157989 token1 2021-06-18T17:28:16Z https://community.splunk.com/t5/Splunk-Search/Single-line-of-regex-to-extract-multiple-fields/m-p/556367#M157998 <P>I am not sure what the question is here. Please can you explain further?</P> Fri, 18 Jun 2021 22:59:13 GMT https://community.splunk.com/t5/Splunk-Search/Single-line-of-regex-to-extract-multiple-fields/m-p/556367#M157998 ITWhisperer 2021-06-18T22:59:13Z