So there are two ways.
index=xx source=/xx.log | rex field=your_field "(?<your_new_field>REGEX)" | table your_new_field
This shows only the value of the captured regex.
index=xx source=/xx.log | regex _raw="REGEX"
This keeps only the events that match REGEX.
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Regex
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Rex
The second one gives me the lines with what I'm looking for. When I choose 'View Source', it's giving me the full line and not the extracted data from each line. Can I do that?
You can either use the first method and then filter out events where "your_new_field" is null (because the regex didn't match anything). Or you could run the second command given to filter out the relevant events, and then pipe that to the first command to actually do the extraction.
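Both options from the reply above, written out as an added example that is not part of the original thread. The sshd "Failed password" pattern and the field name src_ip are constructed for illustration; index=xx and source=/xx.log are the thread's placeholders. The first search extracts with rex and then drops events where the field is null; the second filters with regex first and then extracts.

```spl
index=xx source=/xx.log
| rex field=_raw "Failed password for (?:invalid user )?\S+ from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3})"
| where isnotnull(src_ip)
| table _time src_ip

index=xx source=/xx.log
| regex _raw="Failed password for (?:invalid user )?\S+ from \d{1,3}(?:\.\d{1,3}){3}"
| rex field=_raw "from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3})"
| table _time src_ip
```

Either search returns a table of the extracted values only, rather than the full raw line that 'View Source' shows.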