I want to remove a string from _raw if it appears as a field say host. For example if I have
[--T::] sched: _slurm_rpc_job_step_create: StepId=. hype usec=
As my _raw message and hype is a type of host I want to have
[--T::] sched: _slurm_rpc_job_step_create: StepId=. usec=
FYI: the final goal here will be to create a digest of _raw that has more detail than punct. A hybrid of the two so to speak. As you can see I have already removed all time and numerical information. I may try to make this available as an app.