I am trying to find the top ten Apache errors based on the error message. Error message or message isn't a default field type, so I'm not sure how I can do this without that.
Do I need to create my own field type for message?
I would think Splunk would have this out of the box by now (if I'm not missing it).