I have a mysql slow.log being piped into splunk and it works great. Splunk also seems to do a good job of separating the queries out. The only issue I have is I want to have splunk parse out the fields within the comments containing query time and similar. I can't seem to readily get this to work. See sample below:
/* /usr/share/www/redventures.com/data/reddash/dashboard.html */ /* DBHost: rv-atl-db06 via TCP/IP */ /* Server: rv-atl-web209 */;
# Time: 110325 2:58:25
# User@Host: intranet[intranet] @ rv-atl-web209-db [10.24.24.209]
# Query_time: 4 Lock_time: 0 Rows_sent: 101 Rows_examined: 712668
SELECT CC.AgentID, COUNT(DISTINCT O.OrderID) AS OrdersStarted, COUNT(DISTINCT IF(O.CreditApproved = 'notchecked', .....
I want the Query_time, Lock_time and so forth to be added to the search as name/value pairs so I can run additional queries.
Ideas?
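One way to pull those header values out as fields, added here as an example that is not part of the question or of any posted answer: the regexes below are checked in Python against the sample event from the post, then rewritten into the PCRE named-group form that a Splunk props.conf EXTRACT setting expects. The sourcetype name mysql:slowlog and the leading "# " on the header lines (the standard slow-log comment marker, which the forum rendering appears to have dropped) are assumptions.

```python
import re

# Field-extraction regexes for the slow-log header lines quoted in the post.
# Python needs (?P<name>...) for named groups; Splunk (PCRE) uses (?<name>...),
# so to_splunk() rewrites them. "\#" keeps the "#" from looking like a .conf comment.
USER_HOST_RE = re.compile(
    r"^\#\s*User@Host:\s*(?P<user>[^\[\s]+)\[(?P<auth_user>[^\]]*)\]\s*@\s*"
    r"(?P<host>\S*)\s*\[(?P<ip>[^\]]*)\]",
    re.MULTILINE,
)
STATS_RE = re.compile(
    r"^\#\s*Query_time:\s*(?P<Query_time>[\d.]+)\s+Lock_time:\s*(?P<Lock_time>[\d.]+)"
    r"\s+Rows_sent:\s*(?P<Rows_sent>\d+)\s+Rows_examined:\s*(?P<Rows_examined>\d+)",
    re.MULTILINE,
)


def extract_fields(event: str) -> dict:
    """Return the name/value pairs Splunk would add to one slow-log event."""
    fields = {}
    for regex in (USER_HOST_RE, STATS_RE):
        match = regex.search(event)
        if match:
            fields.update(match.groupdict())
    return fields


def to_splunk(regex: re.Pattern) -> str:
    """Rewrite a Python pattern into the PCRE form Splunk's EXTRACT setting uses."""
    # (?m) makes ^ match at the start of each line inside the multi-line event.
    return "(?m)" + regex.pattern.replace("(?P<", "(?<")


def props_conf_stanza(sourcetype: str = "mysql:slowlog") -> str:
    """props.conf stanza for the slow log (the sourcetype name is an assumed placeholder)."""
    return (
        f"[{sourcetype}]\n"
        f"EXTRACT-slowlog_userhost = {to_splunk(USER_HOST_RE)}\n"
        f"EXTRACT-slowlog_stats = {to_splunk(STATS_RE)}\n"
    )


# Constructed event built from the sample in the post, with the assumed "# " markers.
SAMPLE_EVENT = """# Time: 110325  2:58:25
# User@Host: intranet[intranet] @ rv-atl-web209-db [10.24.24.209]
# Query_time: 4  Lock_time: 0  Rows_sent: 101  Rows_examined: 712668
SELECT CC.AgentID, COUNT(DISTINCT O.OrderID) AS OrdersStarted FROM ...;
"""
```

Once the fields exist, a search such as Rows_examined > 500000 by user and host is a quick way to spot the queries worth reviewing.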