Hi All,

I have below two logs:

First Log

2023-09-05 00:17:56.987 [INFO ] [pool-3-thread-1] ReadControlFileImpl - Reading Control-File /absin/CARS.HIERCTR.D090423.T001603

Second Log

2023-09-05 03:55:15.808 [INFO ] [Thread-20] FileEventCreator - Completed Settlement file processing, CARS.HIER.D090423.T001603 records processed: 161094

I want to capture the trimmings for both logs:

My current queries

index="abc"sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "Reading Control-File /absin/CARS.HIERCTR."

index="abc"sourcetype =600000304_gg_abs_ipc2 source="/amex/app/gfp-settlement-raw/logs/gfp-settlement-raw.log" "Completed Settlement file processing, CARS.HIER."