OK, assuming that the problem is that a field called errorMsg does not exist, try this:

index=its_akana* source="/apps/logs/*" host=ent5*ll5app ("at the below stack trace. Not closed in the same method" OR
"Cannot get a connection, pool exhausted" OR
"com.digev.fw.exception.GException: Execution of a DB command failed" OR
"com.digev.fw.exception.GException: javax.wsdl.WSDLException: WSDLException: faultCode=OTHER_ERROR" OR
"com.mongodb.MongoSocketOpenException" OR
"com.mongodb.MongoTimeoutException" OR
"Data truncation" OR
"ERROR [DBStatementAndResultSetTracker] PreparedStatementTracker" OR
"Error encountered in WS-Security engine" OR
"Error in creating Prepared statement for the query" OR
"federation member auth token cannot be refreshed" OR
"GC overhead limit exceeded" OR
"Illegal character" OR
"java.lang.NullPointerException at com.soa.jbi.component.http.marshal.impl.OutgoingExchangeInitializer" OR
"java.lang.StackOverflowError" OR
"Log block not closed correctly. Enable log block tracking to see diagnostic information" OR
"Log frame is closed at the below stack trace" OR
"No corresponding startTraceBlock() is seen" OR
"No key found in WSDL for service" OR
"No process found" OR
"No Subject is associated with the call. Only Container identities can invoke this call. Returning authorization error" OR
"OutOfMemoryError" OR
"Timeout waiting for idle object" OR
"Unable to initialize SiteMinder agent" OR
"UsageJDBCWriter.writeUsage" OR
"Wsdl does not conform to wsdl schema" OR
"org.elasticsearch.action.UnavailableShardsException" OR
"None of the configured nodes are available") 

| rename COMMENT AS "You can get rid of the following line if you ever get the field extraction working"
| rex "(?<errorMsg>at the below stack trace. Not closed in the same method|Cannot get a connection, pool exhausted|com.digev.fw.exception.GException: Execution of a DB command failed|com.digev.fw.exception.GException: javax.wsdl.WSDLException: WSDLException: faultCode=OTHER_ERROR|com.mongodb.MongoSocketOpenException|com.mongodb.MongoTimeoutException|Data truncation|ERROR [DBStatementAndResultSetTracker] PreparedStatementTracker|Error encountered in WS-Security engine|Error in creating Prepared statement for the query|federation member auth token cannot be refreshed|GC overhead limit exceeded|Illegal character|java.lang.NullPointerException at com.soa.jbi.component.http.marshal.impl.OutgoingExchangeInitializer|java.lang.StackOverflowError|Log block not closed correctly. Enable log block tracking to see diagnostic information|Log frame is closed at the below stack trace|No corresponding startTraceBlock() is seen|No key found in WSDL for service|No process found|No Subject is associated with the call. Only Container identities can invoke this call. Returning authorization error|OutOfMemoryError|Timeout waiting for idle object|Unable to initialize SiteMinder agent|UsageJDBCWriter.writeUsage|Wsdl does not conform to wsdl schema|org.elasticsearch.action.UnavailableShardsException|None of the configured nodes are available)"

| chart count BY host errorMsg