Hi All,
I wish to create a regex that should work with multiple log format
using  2 type log format.
1)
log format:
5 auth_mechanism: SSO_ISE auth group

[syslog_pass1]
regex =(?P<user_agent>\s+[(\S+)])(?P<cust_field>(?:\s+(?:\")?([^\"$]+))?)
FORMAT= user_agent::$1  cust_field::$2

2)
In second log format , one new field(proxy_id) is added in between user_agent ad cust_field.
Log Format:
 5 3 auth_mechanism: SSO_ISE auth group

[syslog_pass2]
regex =(?P<user_agent>\s+[(\S+)])(?P<proxy_instance_id>\s+[(\S+)])(?P<cust_field>(?:\s+(?:\")?([^\"$]+))?) 
FORMAT= user_agent::$1 proxy_id::$2 cust_field::$3

we wrote 2 regex for different log format.but field extration is not happening properly
if log is coming in  this log  format:  5 auth_mechanism: SSO_ISE  but so i am getting field value for user_agent is 5 , proxy_id is a , cust_field is auth_mechanism: SSO_ISE.
how to correct the regex for getting correct value of field ?