Help with regex/grok

sample line:
SOMETEXTBEFORE... UserName=jsmith, CmdSet=[ CmdAV=show CmdArgAV=running-config CmdArgAV=interfaces CmdArgAV=Port-Channel1 CmdArgAV= ], Protocol=Tacacs, MatchedCommandSet=AllowAllCommands, SOMETEXTAFTER...

what I'm hoping to do is pull from the above:

message = entire string above so GREEDYDATA...
add "username" = jsmith
add "command" = show running-config interfaces Port-Channel1

so... I'm pretty sure I could get the username... with

but how do I remove all the "CmdArgAV=" ect... there will be anywhere from 1 to many "CmdArgAV" depending on what command the user ran... they can run "who" and there's only 1 instance or they can run what I did and there's 4 of them...

thoughts or suggestions appreciated.



You should be able to use mutate { gsub => [ ... ] } to remove all occurences of "CmdArgAV=" in the string in between the square brackets.