I have O365 logs in Splunk. I want to find all shared files/folders plus display sensitivity labels of these files.  All valuable information is in the same source type (sourcetype="o365:management:activity")  but in separate log rows. I want to see on my dashboard: CreationTime; ObjectId; Operation; SensitivityLabelId; Location; ProcessName; ProductVersion  "CreationTime": "2021-05-06T20:19:44"  "ApplicationName": "Microsoft Azure Information Protection Word Add-In"  "EventData": "<Type>Edit</Type><MembersCanShareApplied>False</MembersCanShareApplied>"  "Location": "On-premises SharePoint"  "EventSource": "SharePoint"  "ProcessName": "WINWORD"  "ItemType": "File"  "ProductVersion": "2.9.116.0"}  "ObjectId": "https://[FILE_FULL_PATH]/TEST_SHARE_ANYONE_WITH_THE_LINK.docx"  "CreationTime": "2021-05-06T20:13:57"  "Operation": "AnonymousLinkCreated"  "DataState": "Use"  "RecordType": 14  "ObjectId": "https://[FILE_FULL_PATH]/TEST_SHARE_ANYONE_WITH_THE_LINK.docx"  "SiteUrl": "[MY_PERSONAL_DRIVE]"  "Operation": "Access"  "SourceFileExtension": "docx"  "ProtectionEventData": {"IsProtected": true  "SourceFileName": "TEST_SHARE_ANYONE_WITH_THE_LINK.docx"  "ProtectionOwner": "test@mail.com"  "SourceRelativeUrl": "[PATH]/TEST_SHARE_ANYONE_WITH_THE_LINK.docx"  "ProtectionType": "Template"  "UserId": "test@mail.com"  "SensitiveInfoTypeData": []  "Workload": "OneDrive"}  "SensitivityLabelEventData": {"SensitivityLabelId": "70fd9a0e-0d31-4c8e-9c48-fa8ba4ec32c0"}    "UserId": "test@mail.com"    "UserKey": "test@mail.com"    "UserType": 0    "Version": 1    "Workload": "Aip"} ... View more