Hello All, I am new to splunk and I have a question regarding the splunk field extraction. Consider the following example log snippet which consists of 4 events. The error messages are the same except for the field "sku" , time stamp and OrderNumber. After the below log has been ingested into splunk --If I were to search for the field "errorMessage" I will get 4 results which are the below events. On the other hand if I were to consider all the below events as one format (consider all the four events as duplicate) by ignoring the all the other key value pairs except "errorMessage" --can this be done without ever asking splunk to ignore the "sku" field ? [2021-02-05 18:00:00.00 GMT] ERROR OrderNumber|0001|component="DeltaInventory",errorMessage="Cannot find parent",sku="0001" [2021-02-05 19:00:00.000 GMT] ERROR OrderNumber|0002|component="DeltaInventory",errorMessage="Cannot find parent",sku="0002" [2021-02-05 20:00:00.00 GMT] ERROR OrderNumber|0003|component="DeltaInventory",errorMessage="Cannot find parent",sku="0003" [2021-02-06 21:00:00.00 GMT] ERROR OrderNumber|0004|component="DeltaInventory",errorMessage="Cannot find parent",sku="0004" Thanks!
... View more