My events are as below:
Mon Nov 23 09:21:57 2020 6 10.0.0.3 3783 /root/A/P2/source1/POL.IDM b s i r kumar ssh 0 *
Mon Nov 23 09:21:58 2020 5 10.0.0.4 3783 /root/A/P2/.stfs/objects/8a/32bcb75c884c00175c989636000ba/b14fbda4-6857-4910-9a74-9789b6165b7f/52925c56-3ae2-4f75-bb3a-97622e9223b0/8a332bcb75c884c00175c989751500c3/POL.IDM b n o r kumar ssh 0 *
Mon Nov 23 09:15:25 2020 7 10.0.0.2 68 /root/A/P1/.stfs/objects/8a/325cc74705abd017472f907ce0155/12763075-66b1-4a1b-b080-0c5d0a5a0c11/d8c5486a-57ab-4798-a8cc-2bf45f3b975b/8a3325cc74705abd017472f9bbc701c7/WEB.dat a s o p ftp 0 *
If I extract the fields, I need the below:
event 1 field values in RED, event 2 field values in PINK, event 3 field values in BLUE
current_time=Mon Nov 23 09:21:57 2020, Mon Nov 23 09:21:58 2020, Mon Nov 23 09:15:25 2020
transfer_time=6, 5, 7
remote_host=10.0.0.3, 10.0.0.4, 10.0.0.2
file_size=3783, 3783, 68
file_path=
/root/A/P2/source1/POL.IDM,
/root/A/P2/.stfs/objects/8a/32bcb75c884c00175c989636000ba/b14fbda4-6857-4910-9a74-9789b6165b7f/52925c56-3ae2-4f75-bb3a-97622e9223b0/8a332bcb75c884c00175c989751500c3/POL.IDM,
/root/A/P1/.stfs/objects/8a/325cc74705abd017472f907ce0155/12763075-66b1-4a1b-b080-0c5d0a5a0c11/d8c5486a-57ab-4798-a8cc-2bf45f3b975b/8a3325cc74705abd017472f9bbc701c7/WEB.dat
->
A few extractions from this field file_path with / as delimiter: --> This I don't know how to handle
3rd index extracted as account=P2, P2, P3
last index extracted as file_name= POL.IDM, POL.IDM, WEB.dat
last but one index (if it starts with 8a) extracted as route_id = <null, empty>, <null, empty>, 8a3325cc74705abd017472f9bbc701c7
transfer_mode=b, b, a
transfer_security=s, n, s
transfer_status=i, o, o
access_mode=r, r, p
user_name=kumar, kumar, <null, empty> --> This I don't know how to handle
protocol=ssh, ssh, ftp
Can you please help with the field extractions / search query for this?
Thank you
Hi @rangarbus,
you should try using three different regexes:
One for the fields until user_name:
| rex "^(?<current_time>\w+\s+\w+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(?<transfer_time>\d+)\s+(?<remote_host>\d+\.\d+\.\d+\.\d+)\s+(?<file_size>\d+)\s+(?<file_path>[^ ]+)\s+(?<transfer_mode>\w+)\s+(?<transfer_security>\w+)\s+(?<transfer_status>\w+)\s+(?<access_mode>\w+)\s+"
that you can test at https://regex101.com/r/7vtkzS/1
one for the user_name:
| rex "(?<user_name>\w+)\s+ssh|ftp"
that you can test at https://regex101.com/r/7vtkzS/3
and one for protocol:
| rex "(?<protocol>ssh|ftp)"
that you can test at https://regex101.com/r/7vtkzS/4
Ciao.
Giuseppe
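The answer above covers the positional fields but leaves two parts of the question open: the optional user_name (absent on the ftp event) and the sub-fields derived from file_path (account, file_name, route_id). The following is an added example, not code from the original thread or from Splunk, that performs the whole extraction on the three sample events with a single anchored regex plus a path split. It uses Python's `re` module, so named groups are written `(?P<name>...)` instead of the PCRE `(?<name>...)` that Splunk's `rex` accepts; the event lines are copied from the question, and the names `split_path_fields`/`parse_event` are my own.

```python
import re
from typing import Optional

# Constructed sample input: the three events from the question, verbatim.
SAMPLE_EVENTS = [
    "Mon Nov 23 09:21:57 2020 6 10.0.0.3 3783 /root/A/P2/source1/POL.IDM b s i r kumar ssh 0 *",
    "Mon Nov 23 09:21:58 2020 5 10.0.0.4 3783 /root/A/P2/.stfs/objects/8a/32bcb75c884c00175c989636000ba/"
    "b14fbda4-6857-4910-9a74-9789b6165b7f/52925c56-3ae2-4f75-bb3a-97622e9223b0/"
    "8a332bcb75c884c00175c989751500c3/POL.IDM b n o r kumar ssh 0 *",
    "Mon Nov 23 09:15:25 2020 7 10.0.0.2 68 /root/A/P1/.stfs/objects/8a/325cc74705abd017472f907ce0155/"
    "12763075-66b1-4a1b-b080-0c5d0a5a0c11/d8c5486a-57ab-4798-a8cc-2bf45f3b975b/"
    "8a3325cc74705abd017472f9bbc701c7/WEB.dat a s o p ftp 0 *",
]

# One anchored pattern for the whole line. Anchoring at both ends means a
# malformed line yields no match at all instead of a half-filled record,
# and the optional user_name group only consumes a token when a protocol
# keyword actually follows it (on the ftp event the engine backtracks and
# leaves user_name unset rather than grabbing access_mode).
EVENT_RE = re.compile(
    r"""
    ^(?P<current_time>\w+\s+\w+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+
    (?P<transfer_time>\d+)\s+
    (?P<remote_host>\d{1,3}(?:\.\d{1,3}){3})\s+
    (?P<file_size>\d+)\s+
    (?P<file_path>\S+)\s+
    (?P<transfer_mode>\w+)\s+
    (?P<transfer_security>\w+)\s+
    (?P<transfer_status>\w+)\s+
    (?P<access_mode>\w+)\s+
    (?:(?P<user_name>\w+)\s+)?      # optional: missing on the ftp event
    (?P<protocol>ssh|ftp)\s+
    \d+\s+\*\s*$                    # trailing "0 *" is consumed, not named
    """,
    re.VERBOSE,
)


def split_path_fields(file_path: str) -> dict:
    """Derive account, file_name and route_id from file_path using '/' as delimiter."""
    parts = file_path.split("/")          # leading "/" gives an empty first element
    account = parts[3] if len(parts) > 3 else None   # /root/A/<account>/...
    file_name = parts[-1]
    parent = parts[-2] if len(parts) >= 2 else ""
    route_id = parent if parent.startswith("8a") else None  # rule from the question
    return {"account": account, "file_name": file_name, "route_id": route_id}


def parse_event(line: str) -> Optional[dict]:
    """Return all extracted fields for one line, or None if the line does not match."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()                # unmatched optional groups come back as None
    fields["transfer_time"] = int(fields["transfer_time"])
    fields["file_size"] = int(fields["file_size"])
    fields.update(split_path_fields(fields["file_path"]))
    return fields


def parse_events(lines) -> list:
    return [parse_event(line) for line in lines]


if __name__ == "__main__":
    for event in parse_events(SAMPLE_EVENTS):
        print(event)
```

Applied literally, the "starts with 8a" rule also fires on the second event, whose parent directory is `8a332bcb75c884c00175c989751500c3`, so the rule as stated does not by itself give the empty route_id listed in the question for that event. In SPL the same path handling is normally done after the `rex` with `eval` and `split(file_path, "/")` plus `mvindex()` to pick the third and last elements.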