Open for Voting

Search-time Field Extraction

It would be nice to be able to extract fields at search-time, via a regular expression or some other form of pattern.

I.e. I have a log like "Encountered an error purchasing 10 of resource coins: Insufficient Funds", I should be able to write some query with a pattern that breaks out fields for "count": "10", "resource": "coins", "error": "Insufficient Funds". This will help me diagnose things like which resources are firing which errors, and chart changes over time.

Currently we have Derived Fields, but these only work for new log ingestion going forward, so they don't help much in diagnosing things that have already happened. https://documentation.solarwinds.com/en/success_center/loggly/content/admin/derived-fields.htm

Similar to Runtime Fields from ElasticSearch (which I believe Loggly is built on?) https://www.elastic.co/guide/en/elasticsearch/reference/current/runtime.html

Or similar to Splunk's search-time field extraction https://docs.splunk.com/Documentation/Splunk/9.1.1/Search/Extractfieldswithsearchcommands
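Added example, not part of the original request and not Loggly's own code: the search-time extraction described above done locally in Python over already-collected lines. The sample log lines, the ISO timestamp prefix, the regex and the field names are constructed assumptions for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not from the original post); each carries a
# timestamp plus the free-text message the request wants broken into fields.
SAMPLE_LOGS = [
    "2024-03-01T10:00:05Z Encountered an error purchasing 10 of resource coins: Insufficient Funds",
    "2024-03-01T10:07:41Z Encountered an error purchasing 3 of resource gems: Insufficient Funds",
    "2024-03-01T11:15:02Z Encountered an error purchasing 25 of resource coins: Rate Limited",
    "2024-03-01T11:20:13Z Purchased 5 of resource coins",
    "2024-03-01T12:02:59Z Encountered an error purchasing 1 of resource gems: Insufficient Funds",
]

# Hypothetical search-time pattern: each named group becomes an extracted field.
PURCHASE_ERROR = re.compile(
    r"^(?P<ts>\S+) Encountered an error purchasing (?P<count>\d+) of resource "
    r"(?P<resource>\w+): (?P<error>.+)$"
)

def extract_fields(line, pattern=PURCHASE_ERROR):
    """Return the extracted fields for one line, or None if it does not match."""
    m = pattern.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["count"] = int(fields["count"])  # typed so it can be summed/charted
    fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return fields

def errors_by_resource(lines):
    """Count (resource, error) pairs: which resources are firing which errors."""
    counts = Counter()
    for line in lines:
        f = extract_fields(line)
        if f:
            counts[(f["resource"], f["error"])] += 1
    return counts

def errors_per_hour(lines):
    """Bucket matching lines by hour so the trend can be charted over time."""
    buckets = Counter()
    for line in lines:
        f = extract_fields(line)
        if f:
            buckets[f["ts"].strftime("%Y-%m-%dT%H:00Z")] += 1
    return buckets

if __name__ == "__main__":
    print(errors_by_resource(SAMPLE_LOGS))
    print(errors_per_hour(SAMPLE_LOGS))
```

Lines that do not match the pattern are skipped rather than rejected, which is the behaviour a search-time extraction needs when the same index holds many message shapes.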