[source::...*splunk_assist_*.log]
sourcetype = splunk_assist_internal_log

[splunk_assist_internal_log]
description = Splunk Assist Internal Log
MAX_TIMESTAMP_LOOKAHEAD = 23
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N
SHOULD_LINEMERGE = false
ANNOTATE_PUNCT = false
NO_BINARY_CHECK = true
EXTRACT-log_level,app_name,module_name,function_name,process_id = ^(?:[^ \n]* ){2}(?P<log_level>[^ ]+)\s+\[(?P<app_name>[^\]]+)[^\[\n]*\[(?P<module_name>[^\]]+)[^ \n]* \[(?P<function_name>\w+)\]\s+\[(?P<process_id>[^\]]+)