Hi TitanAE,
try to use the Splunk Field Extractor that guides you in field extraction without knowing Regexes.
You can access it in an easy way:
run a search,
identify an event where there's the field you want to extract,
on this event, click on the ">" button on "i" column,
click on Event actions button and Extract Fields option,
Splunk opens a new window,
click on "Regular Expressions" button and then on "Next" button,
using your mouse select the value you want to extract,
add the field name and click on "Add extraction" button,
check results and then "Next",
check if you need some exclusion and then "Next",
save your field (I suggest always in App),
"Finish"
Usually you need to reload the page to have the field, and don't fear if you don't see it immediately: it needs a little time to be ready.
Bye.
Giuseppe
P.S. I suggest studying regexes: once you know them, you'll use only them (personal experience)!