Below is my sample log format

%timestamp% com_java_package1.subpackage someMessage exceptionMessage
%timestamp% someText com_java_package2.v1.subpackage exceptionMessage
%timestamp% com_java_package3_v2.subpackage exceptionMessage
%timestamp% someText someOtherText someVeryBigText com_java_package4.subpackage someMessage exceptionMessage

Usage 1:

index=someIndex sourcetype=someSourceType (packageName=com_java_package1 OR packageName=com_java_package2)

Usage 2:

index=someIndex sourcetype=someSourceType ("com_java_package1" OR "com_java_package2")

The logs are in a very bad shape where I cannot write a generic regex to extract packageName field.
It requires lot of effort to put all combination to extract the packageName field.

Now my question is - do I really need field extraction for packageName?
Is there any potential benefits in performance of above usage over the other?