I have 2 types of logs from one source where I need to map fields vs values ...I dont want to create complex regex as they are from structured data so how do I create fields and values from events 

May 27 07:51:49 TESTHOSTTEST TESTDEVTEST_11.2.0.125: User '' (root) : FAILED: Sign On, ID: 123220127, InstID: 7653, IPAddress: 111.222.213.238, FolderID: 0, Username: root, AgentBrand: TEST DEV SSH, AgentVersion: 11.2.0.0, DEVSize: 0, Error: 2976, Message: Failed to sign on: This IP address has been locked out.

May 27 07:51:34 TESTHOSTTEST TESTDEVTEST_11.2.0.125: User 'BLA BLA DI' (ei4o2f18pcsuo5tp) : Download File, ID: 123220102, InstID: 7653, IPAddress: 333.222.231.94, FileID: 770879833, FileName: 16680_Signup Detail_20210527 01-49-18-86.csv, FolderID: 472070079, FolderPath: /Home/test/TestWorks/Enhanced Affiliate Signup Reports, Username: TEST, AgentBrand: Chrome Browser, AgentVersion: 90.0.4430.212, DEVSize: 739698, Parm2: 0, Error: 0