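# Whether we should add AI fields to the alerts
addAiFields: true

# Maximum number of fields to return from FieldSelector
maxFields: 10

# List of field names =>
# We will drop any fields with these names regardless of their values
namesToDrop:
  - groupingid
  - entity_key
  - search_name
  - search_type
  - owner
  - event_identifier_fields
  - itsi_instruction
  - is_use_event_time
  - event_id
  - mod_time
  - log_level
  - rid
  - _time
  - cpu_time
  - latency
  - ts

# List of prefixes =>
# We will drop any fields whose names begin with these prefixes
prefixesToDrop:
  - drilldown
  - itsiDrilldown
  - event_identifier_
  - orig_

# List of search terms =>
# We will drop any fields whose names contain these search terms
# NOTE(review): "contains" matching is broad (for example `status` also
# matches a name such as `http_status`); confirm that no field needed for
# triage is dropped, and whether the match is case-sensitive.
searchTermsToDrop:
  - severity
  - status

# List of search terms for AI fields =>
# We will use any fields whose names contain these search terms as input to
# our AI field extraction logic
# NOTE(review): title/summary/description fields are usually free text copied
# from the originating event, so they may carry attacker-influenced content or
# sensitive data. Confirm that the AI field extraction treats these values as
# untrusted input and that secrets are redacted before they are passed on.
searchTermsForAiFields:
  - title
  - summary
  - description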