Hey Badger,
Thank you very much! Your solution works like a charm. You're great!
I just have one question: You mentioned grok only matches against the first line of a multiline message, so why is the first grok working? There are some other lines before the line that marks the start of the table transactions (the one we're using to extract the transaction timestamp). I mean, to be more clear, there's this line I used in the example:
[Component] DEBUG another.different.package - $Info: Useless info
That line comes before the one we're using to extract the transaction timestamp (and there are more lines in the log file I'm parsing), so why is that first grok working? To my understanding, the timestamp I want to extract is not the first line of the event.
Thanks again for your help!