I have a data source where the log format is the same but one attribute changes for various logs. I want to extract the field name and field value from the log itself. Is it possible? Please find sample logs below.
May 15 04:29:41 host datasource: "0" "Enterprise Forest" "domain" "field2" "severity" "user" "id" "profileid" "type" "eventid" whencreated=""2019-05-16T08:31:32.0000000Z""
May 15 04:29:41 host datasource: "0" "Enterprise Forest" "domain" "field2" "severity" "user" "id" "profileid" "type" "eventid" pwdlastset=""2019-05-16T08:31:32.0000000Z""
May 15 04:29:41 host datasource: "0" "Enterprise Forest" "domain" "field2" "severity" "user" "id" "profileid" "type" "eventid" badpwdcount="20"
May 15 04:29:41 host datasource: "0" "Enterprise Forest" "domain" "field2" "severity" "user" "id" "profileid" "type" "eventid" operatingsystemversion=""6.1 (7601)""
If you notice, the last attribute alone changes for each log. I want to extract the fields as mentioned below.
field value
whencreated 2019-05-16T08:31:32.0000000Z
pwdlastset 2019-05-16T08:31:32.0000000Z
badpwdcount 20
operatingsystemversion 6.1 (7601)
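An added example, not part of the original post: one way to pull the variable field name and value out of these lines with a single regular expression, shown in Python because the post does not name a tool. It assumes the `name=value` pair is always the last token on the line and that the value is wrapped in either single or doubled double quotes; the function names are hypothetical.

```python
import re

# Constructed sample input: the four log lines quoted in the post.
PREFIX = ('May 15 04:29:41 host datasource: "0" "Enterprise Forest" "domain" '
          '"field2" "severity" "user" "id" "profileid" "type" "eventid" ')
SAMPLE_LOGS = [
    PREFIX + 'whencreated=""2019-05-16T08:31:32.0000000Z""',
    PREFIX + 'pwdlastset=""2019-05-16T08:31:32.0000000Z""',
    PREFIX + 'badpwdcount="20"',
    PREFIX + 'operatingsystemversion=""6.1 (7601)""',
]

# Trailing attribute: name="value" or name=""value"" anchored at end of line.
# The name is limited to identifier characters, so text inside a log line
# cannot create a field name containing spaces, quotes or separators.
# (?P=q) requires the closing quotes to match the opening ones (1 or 2).
TRAILING_ATTR = re.compile(
    r'\s(?P<field>[A-Za-z_]\w*)=(?P<q>"{1,2})(?P<value>.*?)(?P=q)\s*$'
)


def extract_dynamic_field(line):
    """Return (field_name, field_value) for the last attribute, or None."""
    m = TRAILING_ATTR.search(line)
    if m is None:
        return None
    return m.group("field"), m.group("value")


def parse_line(line):
    """Return the fixed quoted columns plus the dynamic field as a dict."""
    m = TRAILING_ATTR.search(line)
    if m is None:
        return None
    head = line[:m.start()]  # everything before the trailing attribute
    return {
        "positional": re.findall(r'"([^"]*)"', head),
        m.group("field"): m.group("value"),
    }


if __name__ == "__main__":
    for log in SAMPLE_LOGS:
        print(extract_dynamic_field(log))
```

Lines that do not end in a well-formed `name="value"` pair return `None` rather than a partial match, so malformed events can be routed to review instead of being indexed with a wrong field.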