Delimiter in Value of a key-value file reader
I'm trying to update a syslog subparser to cover an additional case. It's a key-value file reader-type parser.
However, I'm running into a problem where the VALUE of one of the pairs contains the delimiter. This is a raw logline from a Cisco ACS threshold alarm:
Sep 25 15:00:00 tacacs-test CSCOacs_View_Alarm 0000000015 1 0 ACSVIEW_ALARM Threshold alarm name="ACS - System Health",severity=Critical,cause="Alarm caused by ACS - System Health threshold",detail="(ACS Instance=tacacs-test1,CPU Utilization (%)=0.41,Memory Utilization (%)=5.80,Disk I/O Utilization (%)=0.26,Disk Space Used /opt (%)=5.89,Disk Space Used /localdisk: (%)=5.44,Disk Space Used / (%)=10.03) "
The existing parser regexes the first part, then sends the rest (bolded) to a key-value extraprocessor. This setup works fine for all of the rest of the logs generated by the system. However, with this log, the "detail" key contains the delimiter (comma), so I get this, and a bunch of other meaningless key/value pairs:
I've tested with text.qualifier=" , but that doesn't seem to encapsulate the string (just causes the " to be ignored/removed).
This should be simple enough to do, but I'm having trouble finding any way to have the quotes taken seriously.