I'm hoping one of the SolarWinds products can do what I'm looking for. I need something that can parse daily log file (.log) and look for the following lines:
08:49:15.416 ( 7528:11056) U-PE: 20000018 Hook: 1(OffHook)
09:26:41.618 ( 7528: 7820) U-PE: 2000017A State: 12(Established)
13:22:02.283 ( 7528:11056) U-PE: 20000156 Hook: 0(OnHook)
The first part is just standard time style formating.
The second part is always 5 numbers or 4 with a leading space, a colon, and 5 more numbers or 4 with a leading space.
The U-PE: is the event and the 8 alphanumeric ID that comes after that is uniquely bound to a user. So, for the example above, that is actually the events from three different users.
What I hope can be done, is find every time there is a U-PE: OffHook event that does NOT have an Established U-PE: before the U-PE OnHook event, and report the time between the OffHook and OnHook event.
As for the 8 character User ID, there are about two or three hundred, but they are all unique.