Hi Experts,

I'm having some difficulties extracting the correct information from a file that was added to Splunk. I tried to read/understand as much as I could but am still struggling to correctly extract the information. Here is a snippet of my file:

call_type: "I" alert_id: "8626530 " data_center: "XYZ2 " memname: "QWERTPX " order_id: "1OOUZ" severity: "R" status: "Not_Noticed " send_time: "20210928070008" last_user: " " last_time: " " message: "ASDFGH STARTUP OF REGION QWERTPX" run_as: "USER01 " sub_application: "QWERT " application: "HOUSEKEEPING " job_name: "JOBASDF " host_id: " " alert_type: "R" closed_from_em: " " ticket_number: " " run_counter: " " notes: " "
call_type: "I" alert_id: "8626531 " data_center: "XYZ2 " memname: "QWERTZD " order_id: "1OOVH" severity: "R" status: "Not_Noticed " send_time: "20210928070009" last_user: " " last_time: " " message: "ASDFGH STARTUP OF REGION QWERTZD" run_as: "USER01 " sub_application: "QWERT " application: "HOUSEKEEPING " job_name: "JOBASDF " host_id: " " alert_type: "R" closed_from_em: " " ticket_number: " " run_counter: " " notes: " "
call_type: "I" alert_id: "8626533 " data_center: "XYZ2 " memname: "QWERTZU " order_id: "1OOVV" severity: "R" status: "Not_Noticed " send_time: "20210928070009" last_user: " " last_time: " " message: "ASDFGH STARTUP OF REGION QWERTZU" run_as: "USER01 " sub_application: "QWERT " application: "HOUSEKEEPING " job_name: "JOBASDF " host_id: " " alert_type: "R" closed_from_em: " " ticket_number: " " run_counter: " " notes: " "
call_type: "I" alert_id: "8626532 " data_center: "XYZ2 " memname: "QWERTZE " order_id: "1OOVJ" severity: "R" status: "Not_Noticed " send_time: "20210928070009" last_user: " " last_time: " " message: "ASDFGH STARTUP OF REGION QWERTZE" run_as: "USER01 " sub_application: "QWERT " application: "HOUSEKEEPING " job_name: "JOBASDF " host_id: " " alert_type: "R" closed_from_em: " " ticket_number: " " run_counter: " " notes: " "

What I need is to have these 21 fields extracted properly. At the moment I tried the delimiters but it doesn't work with ":". I believe I will have to write a regular expression (this is where I got stuck as I have no clue how...). Basically what I need is the below fields extracted from the file so I could run dashboards, reports, alerts etc...

Field_1 - call_type: "I"
Field_2 - alert_id: "0000007 "
Field_3 - data_center: "XYZ2 "
Field_4 - memname: "ABCABC01 "
Field_5 - order_id: "1OO59"
Field_6 - severity: "R"
Field_7 - status: "Not_Noticed "
Field_8 - send_time: "20210923210008"
Field_9 - last_user: " "
Field_10 - last_time: " "
Field_11 - message: "MSG SHUTDOWN OF REGION ABCDEF"
Field_12 - run_as: "USER01 "
Field_13 - sub_application: "QWERT "
Field_14 - application: "HOUSEKEEPING "
Field_15 - job_name: "JOBASDF "
Field_16 - host_id: " "
Field_17 - alert_type: "R"
Field_18 - closed_from_em: " "
Field_19 - ticket_number: " "
Field_20 - run_counter: " "
Field_21 - notes: " "

Really appreciate any help to achieve this. Thank you!!