I have an event which looks like this"
USERNAME HOME_DIR USER_INFO
root /root root
ec2-user /home/ec2-user EC2 Default User
test_user1 /home/test_user1 Testing User
test.user2 /home/test.user2 Test User 2
realuser /home/realuser A Real Person
I want to build a field extraction to capture each value from the 3 columns, but i cant get the extraction tool to find any more than one occurrence in any event. I presume this is because it is not attempting multiline extractions, but fiddle and try as I might, i cant get multiline (?m) extractions to work.
Can anyone point me in the correct direction?