I'll jump into the main part.
Here is a snippet:
Tue 2015 15:00:23
My multikv extraction thinks "ZGD-OCU-QQQ" is my "fields".
It definitely is correctly extracting the information, but I'm trying to find a way to skip 3 lines-rows- after the timestamp to extract correct fields.
I would appreciate any help..!
... | multikv start_line=4 .... Adjust the start_line value as necessary.
rex to extract the timestamp before using
multikv on the rest.