Copy/Paste this example into your search window

| makeresults
| eval _raw="http-nio-8080-exec-6 nteg 2023-11-14T10:30:30,062 INFO REQEST XML
http-nio-8080-exec-6 nteg 2023-11-14T10:30:30,062 INFO Operation started
http-nio-8080-exec-6 nteg 2023-11-14T10:30:30,112 ERROR Operation error
.WsdlFault: Failed to process
CALL STACk
http-nio-8080-exec-6 nteg 2023-11-14T10:30:30,118 INFO Operation failed
http-nio-8080-exec-6 nteg 2023-11-14T10:30:30,118 INFO request processed
http-nio-8080-exec-6 nteg 2023-11-14T10:30:30,118 ERROR exception thrown regarding {ABCDEFGH-IJKL}
http-nio-8080-exec-6 nteg 2023-11-14T10:30:30,118 ERROR exception thrown regarding {ABCDEFGH-IJKL}
http-nio-8080-exec-14 nteg 2023-11-14T10:33:30,062 INFO REQEST XML
http-nio-8080-exec-14 nteg 2023-11-14T10:33:30,062 INFO Operation started
http-nio-8080-exec-14 nteg 2023-11-14T10:33:30,118 INFO Operation Success
http-nio-8080-exec-14 nteg 2023-11-14T10:33:30,118 INFO request processed
http-nio-8080-exec-14 nteg 2023-11-14T10:33:30,118 INFO Processed {1234-6789}"
| multikv noheader=t
| eval _raw=Column_1.if(len(Column_2)>0,",".Column_2,"")
| table _raw
| rex "(?<t>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3})"
| eval _time=strptime(t, "%FT%T,%Q")
``` Your data set up above ```
| rex "http-nio-8080-exec-(?<id>\d+).* (?<status>INFO|ERROR) (?<message>.*)"
| rex field=message "\{(?<op_id>\w+-\w+)"
| eval status=case(message="Operation failed", "Failed", message="Operation Success", "Success", true(), null())
| stats min(eval(if(message="Operation started", _time, null()))) as Op_Started values(op_id) as op_id values(status) as status by id

It takes your example data and assumes the first part is some kind of thread id and then does some extractions to join the data together.

If that thread id can occur more than once in your search range, then this won't work

Thanks @bowesmana  I appreciate your help !!!!

Does this mean anything

http-nio-8080-exec-6

is that some kind of thread id?