I've seen the TA Unified2 do this, one single line of regex pulling all relevant fields from snort logs. I'm wanting to do the same thing for some NetApp logs I have:
The regex101 URL is: https://regex101.com/r/zlhxN9/1/
It has pretty good test data. The first line is a very typical format. The second line has a doozy: when an operation is carried out, there is a field between the "::" delimiters that is further broken up with "<>" delimiters.
I'm at a loss here as you can see in the regex101 URL.
I am not sure what the question is here. Please can you explain further?