SH-Deployer/apps/SA-ITOA/default/notable_event_commonality.conf

[common_event_fields]
black_list_fields = event_id,owner,status,severity,drilldown_search_title,drilldown_search_earliest_offset,drilldown_title,drilldown_uri,search_type,time,entity_key,orig_rid,_raw,_time,splunk_server,_cd,_bkt,mod_time,orig_time,orig_sid,is_use_event_time,eventtype,event_field_max_length,tag,splunk_server_group,search_name,rid,linecount,itsi_action_rule_keys,itsi_earliest_event_time,itsi_first*,itsi_group*,itsi_group_count,itsi_last_event_time,itsi_instruction,itsi_is_*,itsi_*_id*,itsi_split_by_hash,event_identifier_fields,event_identifier_hash,event_identifier_string,source,sourcetype,tag::eventtype,drilldown_search_search,drilldown_search_latest_offset,punct,timeendpos,timestartpos,Title,title,description,orig_raw,index,alerttriggertime,*_entity_*,serviceid,statusdescription,message,service_ids