Hi, I would like to determine a field from different areas of a log. eg see below for my expectations. 

Note: You can be sure these three 

T INFO id=1 sourcetype=userservice FirstName=Vinod

T+1 INFO id=2 sourcetype=loginservice User 'Vinod' logged in

T+2 INFO id=3 sourcetype=userservice FirstName=Jason

T+3 INFO id=4 sourcetype=loginservice User 'Jason' logged in.

T+4 INFO id=5 sourcetype=userservice User deleted: Jason

Output:

Name | Count

Vinod  | 2

Jason | 3