On start: field standards and normalization

It will help immensely if you create standard/normalized fields from the beginning. Below are some simple ideas, but you can find a more comprehensive schema built by Graylog here:
Graylog (GIM) Schema
NOTE: use all lower case, since field names are case sensitive.

source_ip
destination_ip
source_port
destination_port
host_hostname
target_host
user_name
target_user
event_error_code
event_error_description
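As an added example (not code from the original post or from Graylog), the script below shows what the normalization step looks like in practice: vendor-specific keys such as `SrcIP`, `dst_ip` or `SubjectUserName` are lower-cased and mapped onto the canonical names listed above, port values are coerced to integers and range-checked, IP values are validated, and any key that is not covered by the alias table is kept as-is and reported so the table can be extended. The alias table and the three sample events are constructed for illustration and are assumptions, not part of any real schema.

```python
"""Normalize vendor-specific event field names onto a small canonical schema.

Added example, not from the original post or from Graylog. The canonical
names are the ones listed in the post; the alias table and sample events
are constructed for illustration.
"""
import ipaddress

# Canonical field names from the post (all lower case, since names are case sensitive).
CANONICAL = {
    "source_ip", "destination_ip", "source_port", "destination_port",
    "host_hostname", "target_host", "user_name", "target_user",
    "event_error_code", "event_error_description",
}

# Constructed alias table: raw field name (lower-cased) -> canonical name.
ALIASES = {
    "srcip": "source_ip", "src_ip": "source_ip", "sourceip": "source_ip",
    "dstip": "destination_ip", "dst_ip": "destination_ip", "destinationip": "destination_ip",
    "srcport": "source_port", "src_port": "source_port", "sport": "source_port",
    "dstport": "destination_port", "dst_port": "destination_port", "dport": "destination_port",
    "hostname": "host_hostname", "computername": "host_hostname",
    "targethost": "target_host", "dsthost": "target_host",
    "username": "user_name", "user": "user_name", "subjectusername": "user_name",
    "targetusername": "target_user",
    "errorcode": "event_error_code", "status": "event_error_code",
    "errordescription": "event_error_description", "reason": "event_error_description",
}

PORT_FIELDS = {"source_port", "destination_port"}
IP_FIELDS = {"source_ip", "destination_ip"}


def normalize_event(raw: dict) -> tuple[dict, list[str]]:
    """Return (normalized_event, unmapped_keys).

    Keys are lower-cased before lookup so 'SrcIP' and 'srcip' land on the same
    field. Port fields are coerced to int and range-checked, IP fields are
    validated. A key that is neither canonical nor aliased is kept verbatim
    (lower-cased) and reported so the alias table can be extended.
    """
    out: dict = {}
    unmapped: list[str] = []
    for key, value in raw.items():
        k = key.strip().lower()
        canon = k if k in CANONICAL else ALIASES.get(k)
        if canon is None:
            unmapped.append(k)
            out[k] = value
            continue
        if canon in PORT_FIELDS:
            port = int(value)
            if not 0 <= port <= 65535:
                raise ValueError(f"{canon}: port out of range: {value!r}")
            value = port
        elif canon in IP_FIELDS:
            value = str(ipaddress.ip_address(str(value).strip()))
        if canon in out and out[canon] != value:
            # Two raw keys mapped onto the same canonical field with different values.
            raise ValueError(f"{canon}: conflicting values {out[canon]!r} and {value!r}")
        out[canon] = value
    return out, unmapped


# Constructed sample events in three different vendor shapes.
SAMPLES = [
    {"SrcIP": "10.0.0.5", "DstIP": "10.0.0.9", "SrcPort": "51522", "DstPort": "22",
     "ComputerName": "bastion01", "SubjectUserName": "alice"},
    {"src_ip": "192.168.1.20", "dst_ip": "192.168.1.1", "sport": 40000, "dport": 443,
     "user": "bob", "reason": "TLS handshake failure", "status": "40"},
    {"source_ip": "172.16.0.3", "hostname": "web02", "vendor_specific_flag": "x"},
]


def normalize_all(events=SAMPLES):
    """Normalize every sample event; returns a list of (event, unmapped) pairs."""
    return [normalize_event(e) for e in events]


if __name__ == "__main__":
    for normalized, unmapped in normalize_all():
        print(normalized, "unmapped:", unmapped)
```

Reporting unmapped keys instead of silently dropping them is the useful part: the list of keys that never hit the alias table is exactly the backlog of fields still waiting to be normalized.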
