should return a field called Error_Code which signifies the error encountered by the authenticating user. This field parses "-" for everything which is incorrect. I have tried to use field extractor, but that still hasn't worked. I don't know why.
If I extract the field "inline":
| rex field=Message "Error\sCode:\s+(?0[^\s]+)"
it works but there are way too many events to do this