Splunk Search

Need to return second line's agent response time as a separate field using Regex by finding the agent using system message "online for chatting" in the first line

rajaguru2790
Explorer

Rohi is the agent and Saj is the user. Using system message we can find the . Then we need to matc h the next line of agent. Here Rohi's second line of message in the log and return that line TIME in separate field.

My Regex: ((?:.TIME!)(?:.M)(?:!_.)(?:\n!NAME!)(?:.)(?:!.*)(?:\n!.System Message:\s)(?.)(?:\is online for chatting).)(?:.)(\2)+\s+\S+[\r\n]+
)

Desired Output Fields: Field Name=Agent(value=Rohi) , Field Name=Agent Initial Response Time(value=1/1/2019 2:51:16 AM).
Note two times the agnet gave same message . How can I help you today. We want first whatever response/message time from agent after finding the agent using System message "online for chatting"

!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:42:55 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!Hi Team!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!1!_/MID_!!_UTCEPOCHTIME_!1546328575000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:42:56 AM!_/TIME_!
!_NAME_!System!_/NAME_!
!_TEXT_!The following associated data has been added:<ul><li>Customer Information</li></ul>!_SM+msg_DataAdded+Customer InformationSM_!!_/TEXT_!!_NAMEID_!system@email.com!_/NAMEID_!!_MID_!3!_/MID_!!_UTCEPOCHTIME_!1546328576000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:42:59 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!System Message: Rohi is online for chatting.!_SM+msg_AgentOnline+RohiSM_!!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!4!_/MID_!!_UTCEPOCHTIME_!1546328579000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:43:09 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!Wish you a very happy ne year!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!5!_/MID_!!_UTCEPOCHTIME_!1546328589000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:43:12 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!new*!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!6!_/MID_!!_UTCEPOCHTIME_!1546328592000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:43:25 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!I need to close this ticket 10936307!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!7!_/MID_!!_UTCEPOCHTIME_!1546328605000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:43:32 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!please help me in closing the same!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!8!_/MID_!!_UTCEPOCHTIME_!1546328612000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:45:07 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!Anyone there ?!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!9!_/MID_!!_UTCEPOCHTIME_!1546328719000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:47:13 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!??!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!10!_/MID_!!_UTCEPOCHTIME_!1546328833000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:49:23 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!?? Hi Rohi You there?!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!11!_/MID_!!_UTCEPOCHTIME_!1546328963000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:51:16 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!Hello Saj my name is Rohi. How can I help you today?!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!12!_/MID_!!_UTCEPOCHTIME_!1546329076000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:51:27 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!Yes!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!13!_/MID_!!_UTCEPOCHTIME_!1546329087000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:53:47 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!Hello Saj my name is Rohi. How can I help you today?!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!14!_/MID_!!_UTCEPOCHTIME_!1546329227000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:54:38 AM!_/TIME_!
!_NAME_!System!_/NAME_!
!_TEXT_!System Message: Saj G has closed the browser!_SM+msg_hasClosed+Saj GSM_!!_/TEXT_!!_NAMEID_!system@email.com!_/NAMEID_!!_MID_!15!_/MID_!!_UTCEPOCHTIME_!1546329278000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:55:12 AM!_/TIME_!
!_NAME_!System!_/NAME_!
!_TEXT_!System Message: rohi has closed and abandoned. To start a new chat click on &quot;Chat now&quot;.!_SM+msg_UserAbandoned+rohiSM_!!_/TEXT_!!_NAMEID_!system@email.com!_/NAMEID_!!_MID_!16!_/MID_!!_UTCEPOCHTIME_!1546329312000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
Tags (1)
0 Karma

rajaguru2790
Explorer

Hi gcusello/richgalloway

Thanks for the response. Below is the entire log which needs to be parsed. Rohi is the agent and Saj is the user. Using system message we can find the agent . Then we need to match the next line of agent in the log.Here Rohi(agent) second line of message in the log and return that line TIME in separate field.
Step1: Match the agent line using the System message "online for chatting" and return the agent name in agent field. Rohi is the agent in this log and below line is parsed and Rohi needs to be captured for this event. Like this there are many events

    !_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:42:59 AM!_/TIME_!
    !_NAME_!Rohi!_/NAME_!
    !_TEXT_!<span class='defaultsysmsg' style='display:none'>System Message: Rohi is online for chatting.</span>!_SM+msg_AgentOnline+RohiSM_!!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!4!_/MID_!!_UTCEPOCHTIME_!1546328579000!_/UTCEPOCHTIME_!!_/CINST_!
    --------------------------------------------------------------------------------------

Step2: Match the next line of response from agent(Rohi) by Parsing the entire log. This line is called initial response as before line is the system assigning chat automatically to Rohi. This line timestamp 1/1/2019 2:42:55 AM has to be captured in the separate field Initial Response

!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:51:16 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<translateitem>Hello Saj my name is Rohi. How can I help you today?</translateitem>!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!12!_/MID_!!_UTCEPOCHTIME_!1546329076000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------

Entire Log:
`!CI!!L!en!/LO!!TIME!1/1/2019 2:42:55 AM!/TIME!
!NAME!Saj!/NAME!

!TEXT!Hi Team!/TEXT!!NAMEID!sajg6@test.com!/NAMEID!!MID!1!/MID!!UTCEPOCHTIME!1546328575000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:42:56 AM!/TIME!
!NAME!System!/NAME!

!TEXT!The following associated data has been added:
  • Customer Information
!SM+msg_DataAdded+Customer InformationSM!!/TEXT!!NAMEID!system@email.com!/NAMEID!!MID!3!/MID!!UTCEPOCHTIME!1546328576000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:42:59 AM!/TIME!
!NAME!Rohi!/NAME!

!TEXT!System Message: Rohi is online for chatting.!SM+msg_AgentOnline+RohiSM!!/TEXT!!NAMEID!rohi@test.com!/NAMEID!!MID!4!/MID!!UTCEPOCHTIME!1546328579000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:43:09 AM!/TIME!
!NAME!Saj!/NAME!

!TEXT!Wish you a very happy ne year!/TEXT!!NAMEID!sajg6@test.com!/NAMEID!!MID!5!/MID!!UTCEPOCHTIME!1546328589000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:43:12 AM!/TIME!
!NAME!Saj!/NAME!

!TEXT!new*!/TEXT!!NAMEID!sajg6@test.com!/NAMEID!!MID!6!/MID!!UTCEPOCHTIME!1546328592000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:43:25 AM!/TIME!
!NAME!Saj!/NAME!

!TEXT!I need to close this ticket 10936307!/TEXT!!NAMEID!sajg6@test.com!/NAMEID!!MID!7!/MID!!UTCEPOCHTIME!1546328605000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:43:32 AM!/TIME!
!NAME!Saj!/NAME!

!TEXT!please help me in closing the same!/TEXT!!NAMEID!sajg6@test.com!/NAMEID!!MID!8!/MID!!UTCEPOCHTIME!1546328612000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:45:07 AM!/TIME!
!NAME!Saj!/NAME!

!TEXT!Anyone there ?!/TEXT!!NAMEID!sajg6@test.com!/NAMEID!!MID!9!/MID!!UTCEPOCHTIME!1546328719000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:47:13 AM!/TIME!
!NAME!Saj!/NAME!

!TEXT!??!/TEXT!!NAMEID!sajg6@test.com!/NAMEID!!MID!10!/MID!!UTCEPOCHTIME!1546328833000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:49:23 AM!/TIME!
!NAME!Saj!/NAME!

!TEXT!?? Hi Rohi You there?!/TEXT!!NAMEID!sajg6@test.com!/NAMEID!!MID!11!/MID!!UTCEPOCHTIME!1546328963000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:51:16 AM!/TIME!
!NAME!Rohi!/NAME!

!TEXT!Hello Saj my name is Rohi. How can I help you today?!/TEXT!!NAMEID!rohi@test.com!/NAMEID!!MID!12!/MID!!UTCEPOCHTIME!1546329076000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:51:27 AM!/TIME!
!NAME!Rohi!/NAME!

!TEXT!Yes!/TEXT!!NAMEID!rohi@test.com!/NAMEID!!MID!13!/MID!!UTCEPOCHTIME!1546329087000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:53:47 AM!/TIME!
!NAME!Rohi!/NAME!

!TEXT!Hello Saj my name is Rohi. How can I help you today?!/TEXT!!NAMEID!rohi@test.com!/NAMEID!!MID!14!/MID!!UTCEPOCHTIME!1546329227000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:54:38 AM!/TIME!
!NAME!System!/NAME!

!TEXT!System Message: Saj G has closed the browser!SM+msg_hasClosed+Saj GSM!!/TEXT!!NAMEID!system@email.com!/NAMEID!!MID!15!/MID!!UTCEPOCHTIME!1546329278000!/UTCEPOCHTIME!!/CINST!

!CI!!L!en!/LO!!TIME!1/1/2019 2:55:12 AM!/TIME!
!NAME!System!/NAME!
!TEXT!System Message: rohi has closed and abandoned. To start a new chat click on "Chat now".!SM+msg_UserAbandoned+rohiSM!!/TEXT!!NAMEID!system@email.com!/NAMEID!!MID!16!/MID!!UTCEPOCHTIME!1546329312000!/UTCEPOCHTIME!!/CINST!
--------------------------------------------------------------------------------------`,

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Thanks for clarifying the requirements. I have updated my answer.

---
If this reply helps you, Karma would be appreciated.

gcusello
SplunkTrust
SplunkTrust

Hi rajaguru2790,
sorry but your question isn't readable, could you use the "Code Sample" button (the one with 101010) to highlight samples and regexes?
Anyway, if the sample is

!CI!!L!en!/LO!!TIME!1/1/2019 2:51:27 AM!/TIME!
!NAME!Rohi!/NAME!
!TEXT!Yes!/TEXT!!NAMEID!rohi@test.com!/NAMEID!!MID!13!/MID!!UTCEPOCHTIME!1546329087000!/UTCEPOCHTIME!!/CINST!

the regex is

(?ms)!TIME!(?<AgentInitialResponseTime>[^!]*)!.*!NAME!(?<Agent>[^!]*)

as you can test at https://regex101.com/r/IHmHqx/1 .

Bye.
Giuseppe

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Try this regex: (?s)(?<agent>\w+) is online for chatting.*?!_TIME_!(?<time>[^!]+)!_\/TIME_!.!_NAME_!\k<agent>!_\/NAME_!.!_TEXT_!(?!System Message).

---
If this reply helps you, Karma would be appreciated.
0 Karma

rajaguru2790
Explorer

I could not find your recent answer and I can see the comment as 'Answer is posted' but not there. Please post it again. Thanks.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

This is it right here. I changed this regex string based on your comments.

---
If this reply helps you, Karma would be appreciated.
0 Karma

rajaguru2790
Explorer

Hi Rich,

The regex you matched seems like last line of agent response. Actually timestamp which is capturing is 1/1/2019 2:53:47 AM. But it should be the response which comes immediately after "online for chatting line" and correct timestamp to be captured is 1/1/2019 2:51:16 AM as mentioned in Right Timestamp step below

!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:53:47 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<translateitem>Hello Saj my name is Rohi. How can I help you today?</translateitem>!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!14!_/MID_!!_UTCEPOCHTIME_!1546329227000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------

Right Timestamp step:
So the below line's timestamp which somes after the line ""online for chatting" should be captured and timestamp is returned. It should be 1/1/2019 2:51:16 AM

!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:51:16 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<translateitem>Hello Saj my name is Rohi. How can I help you today?</translateitem>!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!12!_/MID_!!_UTCEPOCHTIME_!1546329076000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
0 Karma

rajaguru2790
Explorer

Please give me a solution to match Agent's second line occurence not the last one in the entire log. Now agent;s last line of response is beign matched. Please help

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I've updated my answer.

---
If this reply helps you, Karma would be appreciated.
0 Karma

rajaguru2790
Explorer

I could not find the answer. Is it updated in the same Regex you gave before?

0 Karma

rajaguru2790
Explorer

Rich, Thank you so much for your help. I could not find the updated Regex. Could you please post again in answers or comments?
Thanks in advance

0 Karma

richgalloway
SplunkTrust
SplunkTrust

(?s)(?<agent>\w+) is online for chatting.*?!_TIME_!(?<time>[^!]+)!_\/TIME_!.!_NAME_!\k<agent>!_\/NAME_!.!_TEXT_!(?!System Message)

---
If this reply helps you, Karma would be appreciated.
0 Karma

rajaguru2790
Explorer

Thanks Rich. Need another help from you. Please help me on the below query

For each session

User(Saj) to Agent(Rohi) Response for all the conversations in the log should be captured: In the above example three valid user to agent response is there.If there are multiple Agent's response in betweencan be ignored.Only the user response should be captured and after that next agent immediate response should be captured parsing the entire log.

1st set: Difference from user to agent time needed in Secs:
User Response: 1/1/2019 2:42:55 AM
Agent Response: 1/1/2019 2:51:16 AM (Initial Response Found already using Regex)

2nd Set: Difference from user time to agent time is needed
User Response: 1/1/2019 2:54:38 AM
Agent Response: 1/1/2019 2:55:12 AM

3rd Set: Difference from user time to agent time is needed
User Response: 1/1/2019 2:56:39 AM
Agent Response: 1/1/2019 2:57:10 AM

Like this if "n" number of sets are there everything should be displayed and their
Interaction Measurement Number (Sequential Number starting at 1 to N that identifies the unique measurement in the session log extracted by sequentially parsing the Chat Session log)
Response Start Time - Time associated with User part of the User  Agent interaction number measurement from the Session log
Response End Time – Time associated with the Agent part of the User  Agent interaction number measurement from the Session log
Agent Interaction Response Time – Difference in End Time and Start Time of the interaction number measurement for the interaction number.

!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:42:55 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>Hi Team</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!1!_/MID_!!_UTCEPOCHTIME_!1546328575000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:42:56 AM!_/TIME_!
!_NAME_!System!_/NAME_!
!_TEXT_!<span class='defaultsysmsg' style='display:none'>The following associated data has been added:<ul><li>Customer Information</li></ul></span>!_SM+msg_DataAdded+Customer InformationSM_!<arcmd cmd='event-UPDATEASSOCIATEDDATA' />!_/TEXT_!!_NAMEID_!system@email.com!_/NAMEID_!!_MID_!3!_/MID_!!_UTCEPOCHTIME_!1546328576000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:42:59 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<span class='defaultsysmsg' style='display:none'>System Message: Rohi is online for chatting.</span>!_SM+msg_AgentOnline+RohiSM_!!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!4!_/MID_!!_UTCEPOCHTIME_!1546328579000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:43:09 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>Wish you a very happy ne year</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!5!_/MID_!!_UTCEPOCHTIME_!1546328589000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:43:12 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>new*</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!6!_/MID_!!_UTCEPOCHTIME_!1546328592000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:43:25 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>I need to close this ticket 10936307</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!7!_/MID_!!_UTCEPOCHTIME_!1546328605000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:43:32 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>please help me in closing the same</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!8!_/MID_!!_UTCEPOCHTIME_!1546328612000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:45:07 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>Anyone there ?</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!9!_/MID_!!_UTCEPOCHTIME_!1546328719000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:47:13 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>??</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!10!_/MID_!!_UTCEPOCHTIME_!1546328833000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:49:23 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>?? Hi Rohi You there?</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!11!_/MID_!!_UTCEPOCHTIME_!1546328963000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:51:16 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<translateitem>Hello Saj my name is Rohi. How can I help you today?</translateitem>!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!12!_/MID_!!_UTCEPOCHTIME_!1546329076000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:51:27 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<translateitem>Yes</translateitem>!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!13!_/MID_!!_UTCEPOCHTIME_!1546329087000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:53:47 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<translateitem>Hello Saj my name is Rohi. How can I help you today?</translateitem>!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!14!_/MID_!!_UTCEPOCHTIME_!1546329227000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:54:38 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>?? Hi Rohi You there?</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!11!_/MID_!!_UTCEPOCHTIME_!1546328963000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:55:12 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<translateitem>today you are geting this issue</translateitem>!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!12!_/MID_!!_UTCEPOCHTIME_!1546329076000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:56:39 AM!_/TIME_!
!_NAME_!Saj!_/NAME_!
!_TEXT_!<translateitem>?? Can you help me?</translateitem>!_/TEXT_!!_NAMEID_!sajg6@test.com!_/NAMEID_!!_MID_!11!_/MID_!!_UTCEPOCHTIME_!1546328963000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:57:10 AM!_/TIME_!
!_NAME_!Rohi!_/NAME_!
!_TEXT_!<translateitem>Sure</translateitem>!_/TEXT_!!_NAMEID_!rohi@test.com!_/NAMEID_!!_MID_!12!_/MID_!!_UTCEPOCHTIME_!1546329076000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:58:31 AM!_/TIME_!
!_NAME_!System!_/NAME_!
!_TEXT_!<span class='defaultsysmsg' style='display:none'>System Message: Saj G has closed the browser</span>!_SM+msg_hasClosed+Saj GSM_!!_/TEXT_!!_NAMEID_!system@email.com!_/NAMEID_!!_MID_!15!_/MID_!!_UTCEPOCHTIME_!1546329278000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
!_CI_!!_L_!en!_/LO_!!_TIME_!1/1/2019 2:59:17 AM!_/TIME_!
!_NAME_!System!_/NAME_!
!_TEXT_!<span class='defaultsysmsg' style='display:none'>System Message: rohi has closed and abandoned. To start a new chat click on &quot;Chat now&quot;.</span>!_SM+msg_UserAbandoned+rohiSM_!<arcmd cmd='arev_SESSIONCLOSED'>!_/TEXT_!!_NAMEID_!system@email.com!_/NAMEID_!!_MID_!16!_/MID_!!_UTCEPOCHTIME_!1546329312000!_/UTCEPOCHTIME_!!_/CINST_!
--------------------------------------------------------------------------------------
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Is the data supposed to be HTML?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...