Splunk Search

How to extract fields from my _raw data into events and sort them in a table?

helpmejesus
Explorer

I will try and explain my problem to the best of my ability. I am attempting to create a saved search from which I hope to make a pie graph which will display several different events. I am a Splunk newbie and my knowledge of proper search syntax is garbage. The means which I am using to find the events of interest is as follows (I know this is ugly):

index=someindex SomeKeyWord NOT thisword (someword1 OR someword2 OR someword3)

The reason I am searching like this is because I am searching for a particular action failing and it happens to break in like seven different ways, each way producing a log with a different string of words. I've spent three days trying to mess around with rex to try and extract key words from each one of these logs and create a tally of how many times each event occurs, but alas I am not skilled enough to make this work.

Here is an example of three distinct logs which are pulled from my search. I am trying to gather each log depending on the words it has and tally them into distinct categories. The way I am trying to do this is to have rex parse through each log and depending on which key word it finds in the log, push it into a group which I can organize into a table.

LOGS:

2016/04/07 13:52:34.503 I-100001 TCPCOM1 Storenumber 😘 TSEND D(230,105,,,1,16, 123490,31904812390,Sale_0000,,,,,*****************,21348972198,23984721,,,,*CEM_Swiped ,,238420,,,,,,,,,,,2390420,,,,some words 1**,,,,,,,,719482,,719482,English,04072016,105232,,207,BBCR1111,1,,702348729,,,,,,619,2134981200,,) N(6,F09034)
host = host1 source = source1 sourcetype = sourcetype1

2016/04/07 13:52:34.503 I-100001 TCPCOM1 Storenumber 😘 TSEND D(230,105,,,1,16, 123490,31904812390,Sale_0000,,,,,*****************,21348972198,23984721,,,,*CEM_Swiped ,,238420,,,,,,,,,,,2390420,,,,some words 2**,,,,,,,,719482,,719482,English,04072016,105232,,207,BBCR1111,1,,702348729,,,,,,619,2134981200,,) N(6,F09034)
host = host1 source = source1 sourcetype = sourcetype1

2016/04/07 13:52:34.503 I-100001 TCPCOM1 Storenumber 😘 TSEND D(230,105,,,1,16, 123490,31904812390,Sale_0000,,,,,*****************,21348972198,23984721,,,,*CEM_Swiped ,,238420,,,,,,,,,,,2390420,,,,some words 3**,,,,,,,,719482,,719482,English,04072016,105232,,207,BBCR1111,1,,702348729,,,,,,619,2134981200,,) N(6,F09034)
host = host1 source = source1 sourcetype = sourcetype1

The fields I care about are: store number, some words1, some words2, some words3, and the date on which the log occurred. Ultimately I want to have a pie chart which will depict how many times each type of log happened, what store it happened at, and when. I understand what a convoluted mess this is, but if someone could help me or steer me in the right direction with this I will actually cry tears of joy.


somesoni2
Revered Legend

Give this a try

index=someindex SomeKeyWord NOT thisword (someword1 OR someword2 OR someword3)
| rex "^(\S+\s+){4}(?<Storenumber>\S+)\s+:" | eval Category=case(match(_raw,"someword1"),"category1",match(_raw,"someword2"),"category2",1=1,"category3")
| table _time Storenumber Category

The 'eval - case' is matching the raw data against the keywords and assigning a category to the events (in the field Category).
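The following is an added example, not code from the thread, that reproduces what the answer's pipeline does outside Splunk so the two pieces can be seen separately: the rex capturing the fifth whitespace-delimited token as Storenumber, and case() walking its conditions in argument order with 1=1 as the catch-all. The sample events are constructed to look like the lines in the question; their fifth token is a made-up store id (S0042, S0077), whereas the question's redacted lines carry the word "Storenumber" there. The trailing "\s+:" of the answer's rex is dropped because the sample lines have no colon after the store id; whether the real events have one is an assumption only the asker can check. Python spells a named capture group (?P<name>...) where Splunk uses (?<name>...).

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample events shaped like the three lines in the question.
# The fifth whitespace-delimited token is a made-up store id (S0042 / S0077);
# in the question's redacted lines that position holds the word "Storenumber".
SAMPLE_EVENTS = [
    "2016/04/07 13:52:34.503 I-100001 TCPCOM1 S0042 TSEND D(230,105,,,1,16,123490,Sale_0000,*CEM_Swiped,some words 1**,,English,04072016) N(6,F09034)",
    "2016/04/07 13:52:35.107 I-100001 TCPCOM1 S0042 TSEND D(230,105,,,1,16,123491,Sale_0000,*CEM_Swiped,some words 2**,,English,04072016) N(6,F09034)",
    "2016/04/07 13:53:01.880 I-100001 TCPCOM1 S0077 TSEND D(230,105,,,1,16,123492,Sale_0000,*CEM_Swiped,some words 3**,,English,04072016) N(6,F09034)",
    # Carries both marker 2 and marker 1: shows that case() returns the first matching condition.
    "2016/04/07 13:53:02.004 I-100001 TCPCOM1 S0077 TSEND D(230,105,,,1,16,123493,Sale_0000,some words 2**,some words 1**,English,04072016) N(6,F09034)",
]

# Same shape as the answer's rex, minus its trailing "\s+:" (assumption: the sample
# lines have no colon after the store id). Python named group: (?P<name>...).
STORE_RE = re.compile(r"^(\S+\s+){4}(?P<Storenumber>\S+)")
# The leading timestamp, which Splunk would already have parsed into _time.
TIME_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3})")

# Ordered like the arguments of eval case(): first matching condition wins,
# and the final (None, "category3") entry plays the role of the 1=1 catch-all.
CATEGORY_RULES = [
    (re.compile(r"some words 1"), "category1"),
    (re.compile(r"some words 2"), "category2"),
    (None, "category3"),
]


def categorize(raw):
    """Mirror case(match(_raw, ...), ...): label of the first rule whose pattern matches."""
    for pattern, label in CATEGORY_RULES:
        if pattern is None or pattern.search(raw):
            return label
    return None  # unreachable because of the catch-all; kept for clarity


def extract_row(raw):
    """Build the (_time, Storenumber, Category) triple that `table` would emit for one event."""
    m_store = STORE_RE.match(raw)
    m_time = TIME_RE.match(raw)
    if not m_store or not m_time:
        # rex leaves Storenumber empty when it does not match; here the row is dropped instead.
        return None
    when = datetime.strptime(m_time.group(1), "%Y/%m/%d %H:%M:%S.%f")
    return (when, m_store.group("Storenumber"), categorize(raw))


def build_table(events):
    """Rows for every event that parsed, in input order."""
    rows = [extract_row(e) for e in events]
    return [r for r in rows if r is not None]


def count_by_category(rows):
    """Equivalent of `stats count by Category`, which is what a pie chart consumes."""
    return dict(Counter(row[2] for row in rows))


if __name__ == "__main__":
    table = build_table(SAMPLE_EVENTS)
    for when, store, cat in table:
        print(f"{when.isoformat(sep=' ', timespec='milliseconds')}  {store:<6} {cat}")
    print(count_by_category(table))
```

The fourth sample event lands in category1 even though "some words 2" appears earlier in the text, because case() is evaluated in argument order, not by position in _raw; if two keywords can co-occur, the order of the case() arguments decides the bucket. For the pie chart itself, appending `| stats count by Category` (or `by Storenumber Category`) to the answer's search yields the per-category counts that count_by_category computes here.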

helpmejesus
Explorer

It's not perfect but definitely helped me out. I will try and play with this tonight and I'll let you know how it goes. Thanks for the response!


helpmejesus
Explorer

Dude, thank you so much for the help, you really saved me. Worked like a charm after a bit of tweaking.
