I’m analyzing events that may contain one or more file names. Extracting a file name when there’s only one per event is easy. With multiple file names, only the first one is recognized. Consecutive file names are separated by a comma followed by a space. I’d like to create a separate event for each file name in the event. The number of filenames listed in an event is unknown. Events look like this:
Event A: _time, IP, user, etc. ….Added files: Filename1, Filename2, Filename3, etc.
Desired results would be:
Event A: _time, IP, user, etc. ….Added files: Filename1
Event B: _time, IP, user, etc. ….Added files: Filename2
Event C: _time, IP, user, etc. ….Added files: Filename3
I’m new and have not yet used configs/advanced features so I’m looking for a relatively straightforward solution, if possible.
Thank you.
... View more