Thank you for sharing the sample event. You still haven't described your expected and actual results.
Please run this query to verify the fields are as expected.
"*test-path*" | bucket span=1d _time | rename test-path as path | rename message as msg | table path msg
... View more