I have two distinct events in an application log file: (see below). The events are multiline and seperated by a line of ------------. The fields are not in the same order between the two events. I would like to harmonize the events so that I can report on fields like Timestamp, Message, Category, etc.
I tried to use the automatic field extractor, but it could not read any field other than timestamp. I also attempted to use the following regex patterns, but the fields do not line up. I there a better single regex or a better method using the props.conf/transforms.conf to normalize this data.