1 Solution
try this anywhere:
| makeresults count=1
| eval data = "20/02/19 22:23:59 : Maintenance counter \"Digital Materials Mode\" Value is: 84 hours.;;;20/02/19 22:24:59 : Maintenance counter \"Another Counter\" Value is: 74 seconds.;;;20/02/19 22:25:59 : Maintenance counter \"Counter\" Value is: 64 minutes."
| makemv delim=";;;" data
| mvexpand data
| table data
| rename COMMENT as "above generates fake results, belew is your solution"
| rex field=data "(?<timestamp>\d{2}\/\d{2}\/\d{2}\s\d{2}:\d{2}:\d{2})\s\:\sMaintenance\scounter\s\"(?<counter>[^\"]+)\"\sValue\sis\:\s(?<value>\d+)\s(?<value_counter>[^\.]+)"
screenshot:
try this anywhere:
| makeresults count=1
| eval data = "20/02/19 22:23:59 : Maintenance counter \"Digital Materials Mode\" Value is: 84 hours.;;;20/02/19 22:24:59 : Maintenance counter \"Another Counter\" Value is: 74 seconds.;;;20/02/19 22:25:59 : Maintenance counter \"Counter\" Value is: 64 minutes."
| makemv delim=";;;" data
| mvexpand data
| table data
| rename COMMENT as "above generates fake results, belew is your solution"
| rex field=data "(?<timestamp>\d{2}\/\d{2}\/\d{2}\s\d{2}:\d{2}:\d{2})\s\:\sMaintenance\scounter\s\"(?<counter>[^\"]+)\"\sValue\sis\:\s(?<value>\d+)\s(?<value_counter>[^\.]+)"
screenshot:
