Unfortunately, I'm not able to post even a sanitized example of our events. I can give you all the pertinent information:
Search: index=network sourcetype="f5:bigip:apm:syslog" linecount!=1
Time: 10/26/17 10:04:58:000am
Event:
Oct 26 10:04:58 bigip1 (Sensitive data)......
Oct 26 10:05:00 bigip2 (Sensitive data)........
Oct 26 10:05:02 bigip3 (Sensitive data)..........
This is an example of one event with three log entries. The desired result is to have one event per log entry. I know this isn't ideal, but I hope you can get an idea of what I'm trying to convey.