[set_sourcetype_omniswitch]
SOURCE_KEY = MetaData:Host
REGEX = .*
FORMAT = sourcetype::alcatel_omniswitch

[extract_alcatel_fields]
REGEX = ^(?<date>\w+\s+\d+\s+\d+:\d+:\d+)\s+(?<hostname>\S+)\s+(?<process>\S+)\s+(?<sub_process>\S+)\s+(?<log_level>\S+):\s+(?<event_info>.*?)(?:(?<cmd>\b(?:cmd|cmdHy):\d+))?(?:,\s+(?<zport>\bzport:\d+))?(?:,\s+(?<apMedia>\bapMedia:\d+))?
FORMAT = date::$1 hostname::$2 process::$3 sub_process::$4 log_level::$5 event_info::$6 cmd::$7 zport::$8 apMedia::$9