I'm looking to the community to hopefully shed some light on how I can achieve this. I've got some unstructured multi-line data with a definitive start and end event. I'm struggling to figure out if I should be using Multiline, Aggregate or both.
For each line, I'd like to either capture the value or drop the line. I'm only bothered about the 1st, 6th & 7th lines, and ideally I'd aggregate the two multi-line sections into a single field each.
Tue, 09 Oct 2018 22:35:37 INFO Connection accepted: 1.1.1.1:60126
Tue, 09 Oct 2018 22:35:37 INFO RPC bind request received.
Tue, 09 Oct 2018 22:35:37 INFO RPC bind acknowledged.
Tue, 09 Oct 2018 22:35:37 INFO Received poll request.
Tue, 09 Oct 2018 22:35:37 INFO Received poll request on Tue Oct 9 22:35:37 2018.
Tue, 09 Oct 2018 22:35:37 INFO Machine Name: Server1.domain.local
Tue, 09 Oct 2018 22:35:37 INFO Client GUID: e4tga-xsrt4d-sgcx343-s4tte4t-dh5y4wf
Tue, 09 Oct 2018 22:35:37 INFO Request Time: 2018-10-09 22:35:45 UTC (UTC+0000)
Tue, 09 Oct 2018 22:35:37 INFO Response:
Response
versionMinor: {0}
versionMajor: {1}
Tue, 09 Oct 2018 22:35:37 INFO Structure Bytes:
000000000002424220000000000600ab6abscd3dd77839234015
0005435646745b6abscd3sdgerdgegdrgddd7783sfgdg9234015
Tue, 09 Oct 2018 22:35:37 INFO Responded to request.
Tue, 09 Oct 2018 22:35:37 INFO Connection closed: 1.1.1.1:60126
Any help will be highly appreciated!