Wednesday, June 17, 2015

Splunk Searching and Grouping

I'm starting to play with Splunk searching. We process multiple large files every night as the bulk of our work. Our system writes numerous log messages during this processing activity. Every file processed gets a unique identifier. I needed to sort through these logs and group all entries for a given file together. Here is the search I used:
application="MyApp" logger="LoggerName" message="*some part of message*" | rex field=message ".part . (?<id>\d+).*" | transaction id
The first section of the search (application="MyApp" logger="LoggerName" message="*some part of message*") represents the search terms in Splunk. The second portion is a regular expression (rex field=message ".part . (?<id>\d+).*") that parses a value out of the message field and gives it the name "id" via the named capture group (?<id>...). The last part (transaction id) groups all of the records found by the search terms by the "id" value.
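To show what each stage of that pipeline does to actual events, here is an added Python simulation of the three stages (search terms, rex, transaction) run over a handful of constructed log events; it is not Splunk code and not part of the original post. The message pattern "part #NN" and the event contents are assumptions; note that Splunk spells a named group (?<id>\d+) while Python needs (?P<id>\d+).

```python
import re
from datetime import datetime
from fnmatch import fnmatchcase

# Constructed sample events (not from the post); fields mirror the post's search.
def ev(time, app, msg):
    return {"_time": time, "application": app, "logger": "LoggerName", "message": msg}

EVENTS = [
    ev("2015-06-17T01:00:00", "MyApp", "Begin part #42 load"),
    ev("2015-06-17T01:00:05", "MyApp", "Begin part #43 load"),
    ev("2015-06-17T01:00:20", "MyApp", "Validated part #42 rows=1200"),
    ev("2015-06-17T01:00:30", "OtherApp", "Validated part #42 rows=99"),  # wrong app
    ev("2015-06-17T01:00:45", "MyApp", "Finished part #43 load"),
    ev("2015-06-17T01:01:00", "MyApp", "Finished part #42 load"),
    ev("2015-06-17T01:01:10", "MyApp", "Nightly part scheduler heartbeat"),  # no id
]

def search(events, application, logger, message_glob):
    # Stage 1: the field=value terms; '*' in the message term is a wildcard.
    return [e for e in events if e["application"] == application
            and e["logger"] == logger
            and fnmatchcase(e["message"].lower(), message_glob.lower())]

def rex(events, pattern, field="message"):
    # Stage 2: copy the regex's named groups into the event as new fields.
    # Splunk's rex writes (?<id>\d+); Python spells the same group (?P<id>\d+).
    regex = re.compile(pattern)
    out = []
    for e in events:
        m = regex.search(e[field])
        out.append({**e, **m.groupdict()} if m else dict(e))
    return out

def transaction(events, field):
    # Stage 3: group events sharing `field` in time order and report eventcount
    # and duration (seconds first->last). Events with no extracted id are left out.
    groups = {}
    for e in sorted(events, key=lambda e: e["_time"]):
        if field in e:
            groups.setdefault(e[field], []).append(e)
    result = []
    for key, evs in groups.items():
        first = datetime.fromisoformat(evs[0]["_time"])
        last = datetime.fromisoformat(evs[-1]["_time"])
        result.append({field: key, "eventcount": len(evs),
                       "duration": (last - first).total_seconds(),
                       "messages": [e["message"] for e in evs]})
    return result

def group_file_logs(events=EVENTS):
    # The post's full pipeline: search terms | rex | transaction id
    stage2 = rex(search(events, "MyApp", "LoggerName", "*part*"), r"part #(?P<id>\d+)")
    return transaction(stage2, "id")
```

Running group_file_logs() yields one transaction per file id, with the OtherApp event dropped by the search terms and the heartbeat dropped because rex extracted no id from it.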
