Hi experts,
I am trying to use kv filter but getting landed into a new problem. Surely no issue with filter, but my lack of knowledge 
PFB the details:
Problem statement:
I am trying to parse an application log using kv filter. The separator within the log line is tilde "~". I am able to get the key-value pairs for the not-null fields, but the null fields are getting ignored by the filter.
Example:
Sample Logline:
2018-09-06 16:51:16.337 INFO (THREAD-438) system_monitor : - LogTypeID=SAMPLELOG~RespCd=SAMPLE RESPONSE~MsgID=123456~HostNm=~SysTs=2018-09-06T16:51:16.312-07:00~AppID=SAMPLE~OrigCtyCd=~UPID=~PaySplitSeqNo=~AllocSeqNo=~AppServNmVr=Notify~PayTpChCd=~Amt=0~Curr=~SplitAmt=0~SplitCurr=~EventID="
Observation:
The split is happening as follows:
2018-09-06 16:51:16.337 INFO (THREAD-438) system_monitor : - LogTypeID=SAMPLELOG
RespCd=SAMPLE RESPONSE
MsgID=123456
Challenge:
As observed above, the split is happening as expected; but in the 1st line (with timestamps), I would like to only have the last string (LogTypeID) as the tag(no timestamps or Loglevel) . It should look something like:
LogTypeID =>SAMPLELOG
Please advise if there's a way to do this ? (split as per filter patter, and retain only a part of the new key, along with the value).
regards,
Niladri