| rex "(?<fullfilename>\S+)$"
| rex field=fullfilename "(?<filename>\S+)(?<event>\.pdf|\-success\.csv)$"
| eval sentTime=if(event=".pdf",_time,null())
| eval receivedTime=if(event=".pdf",null(),_time)
| eval fileSent=if(event=".pdf",fullfilename,null())
| eval fileReceived=if(event=".pdf",null(),fullfilename)
| stats values(sentTime) as sentTime values(fileSent) as fileSent values(receivedTime) as receivedTime values(fileReceived) as fileReceived by filename
| eval elapseTime=tostring(receivedTime-sentTime,"duration")
