Any time I try using the Extract Field option in an event list the next page returns this error:
Error in 'rex' command:
The regex '//' does not extract anything. It should specify at least one named group. Format: (?...).
This used to work but it's been a few months since I tried it. I'm not doing anything special as you can see. The regex is just // yet it returns nothing. I tried restarting Splunk but I think something is broken somewhere.
I found the problem, there was a field extraction saved with just // in the regex. Not sure how it got there or why it was screwing up the extract. Deleting this extraction fixed the issue, I can now proceed through the wizard to extract additional fields.
Great job! Now come back here and click Accept
on your answer to close the question.
The screenshots are not attached.
Sorry, I'm not good at attaching. See if you can find them here.
In which Splunk Version you are getting this error?
According to me, you have to mention field name in rex, which you can use further,
like (?<Name>//)
Please refer doc for more info:
https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Rex