Hi , There is a way to extract a value from field even there is no = between Key and Value? After extracting I want to use them as a search criteria. Unfortunatelly I need to work with data which are not optimized for splunk. For example : I have the following raw field: "2020-12-16 13:39:00.7174 INFO 001d1764-80c3-4c35-87c7-ec25382b4328 IM_Contact with SetID Cardlink_DCDOB2012146196-1006 has current Status Completed. ContactID [CO-000085513778], CaseID [CA-000002980184] APOrchestrator.ProcessIncomingMessage => ServiceQueueOrchestrator`2.LogContactStatus => Logger.LogInfo" I want to extract following key / values: Info = 001d1764-80c3-4c35-87c7-ec25382b4328 SetID = Cardlink_DCDOB2012146196-1006 Status = Completed ContactID = CO-000085513778 CaseID = CA-000002980184 Found some interesting answers but all of them working with real key value pairs (fields) as a basis.
... View more