[source::.../var/log/splunk/splunk_archiver.log(.\d+)?]
EXTRACT-severity,logger = .*?(?<severity>[A-Z]+) ((?<logger>[^\s]+) \-)*