Multiline records

Excel for Security Analysts – Episode 2 – Import Multiline Logs

(By: Gil Raviv. Originally published here).

In today’s episode on Excel for Security Analysts, we will import SSH logs to Excel. To read more episodes of Excel for Security Analysts, go here.

The idea for this post came from a TechNet forum thread that started by a Data Analyst here (Thank you Rajender for sharing the challenge and the logs).

You start with a log file like this:

And you should end up with a table in Excel:

Transform multiline records into a table

This blog post was originally posted on TechNet and is one of the most viewed posts I have written 🙂

In today’s post, there is a nice Power Query trick to transform multiline record data into a table in Excel. I intend to use this trick quite soon on my next two posts as part of the Excel For Security Analysts series (So stay tuned for some magic on SSH and IPTables firewall logs).

We have many cases where our raw data is formatted in multiline attribute-value pairs. The first column contains the attributes, and the second column contains the values. Analyzing the data with such format is quite challenging.

