Problem: I want to ignore all results from a search that have message: <4 digits> in them. For example: { timestamp: 2021-05-17T22:30:06.299Z, level: error, message: 9173 }
Research done: I have looked into the Splunk docs. I tried implementing NOT regex "message: \d{4}" and NOT rex "message: \d{4}", but it did not work.