The field that is not extracting correctly is the http_user_agent field. This field in the top record is the third "-" just before the "y.y.y.y" IP. In the lower record, the field is the content between the quote marks "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
This is my regex:
This works well when there is content between the quotes, but not when there is no content and just a "-" with no quotes.
I have tried this regex:
and it works until there is a space inside the quotes then the regex stops.
I tried this regex: