@erichard, try the following run anywhere search based on sample data provided. (Commands from | makeresults to | rename data as _raw generate dummy data. Assuming you have two events starting from topic field)

| makeresults
| eval data="topic=\"Sniffer\" message=\"\"timestamp\"=\"1524387631351\",\"process\"=\"com.x.android.apps\",\"packageName\"=\"com.google.android.gms\",\"type\"=\"URL\",\"URL\"=\"https://x.x.com/UploadConfigurationService/UnitUploadSettings/x071x?clientId=xx-mobile\"\"; topic=\"Sniffer\" message=\"\"timestamp\"=\"1524387779884\",\"process\"=\"com.google.android.gms\",\"packageName\"=\"com.google.android.gms\",\"type\"=\"URL\",\"URL\"=\"https://android.clients.google.com/c2dm/register3\"\""
| makemv data delim=";"
| mvexpand data
| rename data as _raw
| rex ".*message=\"(?<message>.*)\"" 
| rename message as _raw
| extract pairdelim="," kvdelim="="
| table *