thanks for help, here is the sample data
sourcetyep1
3/14/18
6:35:06.828 AM
2018-03-14 06:35:06.828, hostname="host1", domain="prod.com", ipaddress="10.50.45.34", clustername="APIs"
sourcetyep2
no record
sourcetype3
3/12/18
13:20:18.027 PM
2018-03-14 06:35:06.828, hostarc="host1", domain="prod.com", ipaddress="10.50.45.34", clustername="APIs" hostarc must rename as hostname
sourcetype4:
3/14/18
7:20:26.327 AM
2018-03-14 06:35:06.828, hostname="host1", domain="prod.com", ipaddress="10.50.45.34", clustername="APIs"
sourcetype5:
NOdata
... View more