Hello, I am working on a Splunk query and I need help adjusting my rex command to get two fields that are in one field into their own fields. Example below:
index=test sourcetype=test category=test
| rex field=user "(?<region>[^\/]+)\/(?<username>[^\w].+)"
| fillnull t
| sort _time
| table _time, username, user, region, sourcetype,  result, t
| bin span=1d _time
| dedup t

The user field has: test\test1 and I need it to split that so username=test region=test1