Destination=(.? ) AppName=(.*)(?=AppID=) ^(?:[^|]*\|){5}([^|]*) ^(?:[^|]*\|){5}([^|]*) DeviceName=(.*Event=) Timestamp=(.*Z) DeviceName=(.*)(?=Event=) DeviceName=(.*)(?=Event=)