Hi guys,
I have a problem for which I've seen lots of answers but none worked for me. I have to say that I am a beginner in regex'es so maybe that's the problem. Nevertheless, I have made some tries that should have at least give me multiple values in the same event for a certain field, but it didn't, acting a little weird from my point of view. Having said that, I know my problem is quite simple and sorry for bothering you with this, but I need an example to get me going. So here's the situation:

I have an ASCII file containing events separated by \n. The events look like this:

Time=[1/7/12 01:00:00],Efficiency=1,Fill=2772,Run=206194,MeanLB=59,MeanInt=3,BusySource=[CTP(LUCID),Pixel ,SCT,TRT,L1Calo,BCM,LAr H/F,LAr EMEC,LAr EMB,MDT B,MDT EC,Tile EB,Tile LB,CSC,TGC,RPC,MUCTPI]

or

Time=[1/7/12 11:00:00],Efficiency=0,Fill=2788,Run=0,MeanLB=0,MeanInt=0,BusySource=[0]

What I want to do is make a multivalued field called busy_item for which every item in BusySource is a value for the field. So that means that the busy_item field will have multiple values coming from each event or 0.

I tried to do this by creating a new field extraction for which I would insert its regex rule. I tried lots of regex'es and none worked as I expected. The last one I tried is

(?:BusySource=[,\[]+)(?P\w+[\(\w\)]*)(?:[,\]])

which reads the 0s in [0] and just the first item in the multivalued BusySource. Even if I put a more general regex, it still just takes only one value per event. But I just started using regex'es.

Another method I used was the TOKENIZER in fields.conf. I've followed the example there and made (it was none) a fields.conf in etc/local or in etc/myapp/local but nothing happened. I guess there are much more editing to do before you can see that field in your app (like in the other conf files).

So, how do I extract the busy_item field?

Thank you very much,
Adrian