cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

parse log multiple values in field

S_Hadley1138
Contributor

hi there, im trying to write my first basic parser.  the content is this....

2023-12-22T10:01:36.784Z,10.2.160.138,bwp09926163,10.2.160.197,bwp09926175.bxt.com,";250 2.6.0 <20231222100207.52060408C2@blp02806066> [InternalId=6691559047721, Hostname=bwp09926175.bxt.com] 6545 bytes in 0.029, 218.221 KB/sec Queued mail for delivery;ClientSubmitTime:",Intra-Organization SMTP Send Connector,SMTP,SEND,7219840024956,<20231222100207.52060408C2@blp02806066>,a549d938-0224-445b-45c5-08dc02d514fe,YADAVM4@BTGroupCloud.mail.onmicrosoft.com,250 2.1.5 Recipient OK,6317,1,,,,clarify@blp02806066.bxt.com,clarify@blp02806066.bxt.com,2023-12-22T10:01:36.670Z;LSRV=bwp09926163.domain1.systemhost.net:TOTAL-HUB=0.217|SMR=0.103(SMRDE=0.002|SMRC=0.101(SMRCL=0.100|X-SMRCR=0.099))|CAT=0.051(CATRESL=0.021|CATORES=0.028(CATRS=0.027(CATRS-Prioritization Agent=0.019|CATRS-Transport Rule Agent=0.001(X-ETREX=0.001)|CATRS-Index Routing Agent=0.006)))|SMSC=0.028|SMS=0.032,Originating,,,,S:E2ELatency=0.114;S:MsgRecipCount=1;S:IncludeInSla=True;S:Microsoft.Exchange.Transport.MailRecipient.RequiredTlsAuthLevel=Opportunistic;S:IsSmtpResponseFromExternalServer=False;S:DeliveryPriority=Normal;S:AccountForest=systemhost.net,Email,92551c2a-cb10-41cc-756a-08dc02d4fc3b,15.01.2507.032

 

JSONTIMESTAMP:timestamp
','
IPV4ADDR:clientip
','
LD:clienthostname
','
IPV4ADDR:serverip
','
LD:serverhostname
','
LD:sourcecontext
','
LD:connectorid
','
LD:source
','
LD:eventid
','
LD:internalmessageid
','
LD:messageid
','
LD:networkmessageid
','
LD:recipientaddress
','
LD:recipientstatus
','
LD:totalbytes
','
LD:recipientcount
','
LD:relatedrecipientaddress
','
LD:reference
','
LD:messagesubject
','
LD:senderaddress
','
LD:returnpath
','
LD:messageinfo
','
LD:directionality
','
LD:tenantid
','
LD:originalclientip
','
LD:originalserverip
','
LD:customdata

 

doesnt quite work, as the recipientaddress field, can contain multiple addresses seperated by ';'

im definately out of my depth - any help would be appreciated

0 REPLIES 0

Featured Posts