I am trying to parse out a log entry that is comma separated, but if the SOMEUSER field exists will have a comma in it as well that should be ignored.
The fields that exist in some fashion are SOMEUSER, SOMENETWORK, SOMENETWORK
Examples of the format of the logs are:
"Smith, John A. - Some Business Title (Smi,SOMENETWORK,SOMECOMPUTER"
"Smith, John A. - Some Business Title (Smi,SOMECOMPUTER"
I do have a identity_type field that will tell me what kinds of identities are in the csv list that I need to split out, but I am not sure how to skip the first comma if the AD User identity field is present.
Formats I have seen in the logs:
I am looking to see if there is a way to skip the first comma if the SOMEUSER value exists.
My thoughts were to use an if statement to process things depending on what identity types are in the appropriate field, which works for everything except when the SOMEUSER field with the comma in it messes it all up.