I am indexing a string for the DBConnect where one of the fields stores a modified data in one of the cells.
In a sub part of a Log entry I am having a difficulty extracting the KV pairs. Where the previous parts of each log entry have the basic Key=Value on a line each, that is working. The part that is not is from the AllXML field - string= item.
- Starts with:
string="
- Each key:value pair is separated with:
:
- Additional Keys begin from:


- Additional Values end with:

- Stops with:
"
Sample Log Entry:
AllXML=<error
application="my application name"
detail="whole bunch of stuff"
time="2014-08-08T11:11:59.4225842Z"
statusCode="500">
<serverVariables>
<item
name="ALL_HTTP">
<value
string="KEYNAME1:Value1 Value1,MoreValue1
Key-Name2:Value2-Value2.Value2
KEY-NAME3:true
Key_Name4:Value4 ; Value4,Value4.Value4 - vvvvvvAAALLLLuuuueeeee44444
" />
The OutPut should be, so that these items get indexed:
application="my application name"
detail="whole bunch of stuff
time=2014-08-08T11:11:59.4225842Z
statusCode=500
KEYNAME1=Value1
Key-Name2=Value2-Value2.Value2
KEY-NAME3=true
Key_Name4=Value4 ; Value4,Value4.Value4 - vvvvvvAAALLLLuuuueeeee44444
I know it should be through the transform.conf - but getting the regex to pull the data in has become difficult.
ant assistance would be appreciated.
Thanks,
