How do I use regex or replace to remove the first occurrence word found and replace second occurrence onward with comma?
For example, the raw data is:
ubuntu CRON[2907]: pam_unix(cron:session): session opened for user root by (uid=0) ubuntu CRON[2907]: pam_unix(cron:session): session closed for user root
I want it to be:
CRON[2907]: pam_unix(cron:session): session opened for user root by (uid=0),CRON[2907]: pam_unix(cron:session): session closed for user root
↧
Search query to replace first occurrence word with blank but second occurrence to replace with comma
↧