Thats pretty much the same result as the last and its trips everything but the first field. Results with your SEDCMD 5/28/21 3:32:29.100 PM May 28 15:32:30 palohost 1 host = pdq source = palohost-0528-15.log sourcetype = pan:log Source log line: May 28 15:32:30 palohost 1,2021/05/28: 20:32:29,011901036309,TRAFFIC,end,2305,2021/05/28 20:32:29,<someip>,<someip>,0.0.0.0,0.0.0.0,<rule>,<user>,,<protocol>,<virtualsystem>,EXTTUNNEL,EXTINSIDE,tunnel,ethernet0/0,,,150000,,50000,443,0,0,,tcp,allow,143734,112711,31023,340,2021/05/28 20:30:59,75,<classification>,,,,,,,211,129,<action>,123,456,0,0,,palohost,from-policy,,,0,,0,,N/A,0,0,0,0,<some guid>,0,0,,,,,,, Here is what I want it to look like without the first field. 5/28/21 3:32:29.100 PM ,2021/05/28: 20:32:29,011901036309,TRAFFIC,end,2305,2021/05/28 20:32:29,<someip>,<someip>,0.0.0.0,0.0.0.0,<rule>,<user>,,<protocol>,<virtualsystem>,EXTTUNNEL,EXTINSIDE,tunnel,ethernet0/0,,,150000,,50000,443,0,0,,tcp,allow,143734,112711,31023,340,2021/05/28 20:30:59,75,<classification>,,,,,,,211,129,<action>,123,456,0,0,,palohost,from-policy,,,0,,0,,N/A,0,0,0,0,<some guid>,0,0,,,,,,, host = xxx source = palohost-0528-15.log sourcetype = pan:traffic
... View more