Here are some eventNames: 2022-NO_USER_IN_SESSION, 1022-DRR_INFO, ...
I need the values like: NO_USER_IN_SESSION, 1022-DRR_INFO (so eventName=NO_USER_IN_SESSION)
How to split the eventNames (2022-NO_USER_IN_SESSION, 1022-DRR_INFO)

index=app sourcetype=Epc*Event splunk_server_group=ewe sourcetype=EpcPromotionsEvent  eventName=?