Splunk Search

How do I extract multiple values from a log into one field?

michwii
New Member

Hi all,

I've been struggling for a few days to extract logs from our SVN repository.

Each event contains a list of files that have been modified.
I would like to extract those files and make statistics with them.

Let's start simple and let's just try to extract them with a regular expression.
Here are 3 example events:

 Wed Jul 29 10:05:37 CEST 2015 --- x3000 --- D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/banche/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/cadran/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/cadran_carta/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/amacvret/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/dm_ctrl_metod/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/dm_rischio/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/piani/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/ricerca/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/universo_recupero/ D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/veicoli/ --- Dismissione script per mondo nero, nacrad, Amacreoi, Controllo Metodologico, DM_RISCHIO, Piani, Ricerca, Recovert and cars

Wed Jul 29 10:11:27 CEST 2015 --- Z1567 --- D BUSINESSOBJECTS/BRANCHES/PROD/nero.unv D BUSINESSOBJECTS/BRANCHES/PROD/nadrac.unv D BUSINESSOBJECTS/BRANCHES/PROD/Controllo Metodologico.unv D BUSINESSOBJECTS/BRANCHES/PROD/ramaCrdit.unv D BUSINESSOBJECTS/BRANCHES/PROD/DM_RISCHIO.unv D BUSINESSOBJECTS/BRANCHES/PROD/Piani.unv D BUSINESSOBJECTS/BRANCHES/PROD/Ricerca.unv D BUSINESSOBJECTS/BRANCHES/PROD/cars.unv D BUSINESSOBJECTS/BRANCHES/PROD/uni_rec.unv --- Dismissione mondo nero, nadrac, ramaCrdit, Controllo Metodologico, DM_RISCHIO, Piani, Ricerca, Recovert univers and cars

Thu Jul 30 17:07:02 CEST 2015 --- X1254 --- U BUSINESSOBJECTS/TRUNK/Analisy_Mapping.unv --- Progetto ITXDE1506 - Mapping

Here is the regular expression I have used to first extract the ID of the person who did the commit and the list of files:

sourcetype=svn source="script-svn_log" | rex max_match=0 "---(?<userID>.*)---(?<Commit>.*)---"

Now I would like to extract within the Commit field all the files and the action that has been done to each file (the action is represented by a capital letter: D, A or U).

First question: Is it possible to apply a regular expression that returns multiple values to only one field?

Second question: For each result, will it be possible to generate fake/dummy events? Each event will contain all the previous fields + the name of the file + the nature of the commit (A or D or U)

Thank you for your time.

0 Karma

somesoni2
Revered Legend
0 Karma

ramdaspr
Contributor
...| rex field=_raw max_match=0 "--- (?<usr>\w+) ---" | rex field=_raw max_match=0 " (?<commit>[DAU]) (?<file>[\w\/.]+)" | fields _raw,usr,commit,file

should work.

0 Karma
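The two questions in the thread (a regular expression that yields several values from one field, and one row per file that still carries the parent event's fields) worked through in Python, as an added example that is not part of the thread and not the answerer's own code. The sample events are constructed from the format shown in the question, with shortened file lists; the helper names are my own. It goes a little beyond the `[\w\/]+` character class of the answer by also keeping paths that contain spaces (such as `Controllo Metodologico.unv`) intact. In Splunk the expansion step corresponds to `mvexpand`, which emits one event per value of a multivalue field.

```python
import re
from collections import Counter

# Constructed sample events modelled on the SVN log format shown in the question
# (shortened file lists; user IDs and paths are illustrative, not real data).
EVENTS = [
    "Wed Jul 29 10:05:37 CEST 2015 --- x3000 --- "
    "D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/banche/ "
    "D BATCH/BRANCHES/PROD/RESBOU/file_load/load_universi/mensile/cadran/ "
    "--- Dismissione script per mondo nero, nacrad",
    "Wed Jul 29 10:11:27 CEST 2015 --- Z1567 --- "
    "D BUSINESSOBJECTS/BRANCHES/PROD/nero.unv "
    "D BUSINESSOBJECTS/BRANCHES/PROD/Controllo Metodologico.unv "
    "--- Dismissione mondo nero, Controllo Metodologico",
    "Thu Jul 30 17:07:02 CEST 2015 --- X1254 --- "
    "U BUSINESSOBJECTS/TRUNK/Analisy_Mapping.unv "
    "--- Progetto ITXDE1506 - Mapping",
]

# Header layout: "<timestamp> --- <userID> --- <file list> --- <commit message>".
# Lazy quantifiers stop at the first " --- " separator, so dashes inside the
# commit message cannot swallow the file list.
HEADER_RE = re.compile(
    r"^(?P<timestamp>.+?) --- (?P<userID>\w+) --- (?P<commit>.*?) --- (?P<message>.*)$"
)

# One action letter (D, A or U), a space, then a path that runs until the next
# " <letter> " token or the end of the list. The lookahead keeps paths that
# contain spaces in one piece, which a [\w/]+ class would cut in half. A path
# that itself contains " D ", " A " or " U " as a separate word would still be
# split incorrectly; the format gives no way to tell that apart.
FILE_RE = re.compile(r"(?P<action>[DAU]) (?P<file>.+?)(?= [DAU] |$)")


def parse_event(raw):
    """Return the header fields plus a list of (action, path) pairs, or None if malformed."""
    m = HEADER_RE.match(raw)
    if m is None:
        return None
    files = [(f.group("action"), f.group("file")) for f in FILE_RE.finditer(m.group("commit"))]
    return {
        "timestamp": m.group("timestamp"),
        "userID": m.group("userID"),
        "message": m.group("message"),
        "files": files,
    }


def expand_events(raw_events):
    """Emit one row per touched file, copying the parent event's fields onto each row."""
    rows = []
    for raw in raw_events:
        ev = parse_event(raw)
        if ev is None:  # malformed line: skip it rather than attribute files to the wrong commit
            continue
        base = {k: v for k, v in ev.items() if k != "files"}
        for action, path in ev["files"]:
            rows.append({**base, "action": action, "file": path})
    return rows


def count_by_user_and_action(rows):
    """Statistics over the expanded rows: number of D/A/U touches per user."""
    return Counter((r["userID"], r["action"]) for r in rows)


if __name__ == "__main__":
    rows = expand_events(EVENTS)
    for r in rows:
        print(r["userID"], r["action"], r["file"])
    print(count_by_user_and_action(rows))
```

Running the block prints five rows (two, two and one file for the three events) followed by the per-user counts; `expand_events` is the step that the second question asks about, since every emitted row still carries the timestamp, user ID and commit message of the event it came from.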