With following search getting error as Missing Closing Parenthesis in splunk.
tried same rex in regex101 it was working.
index=digitalguardian "appStatus"
|rex ,\\"appStatus\\":\\"(?<status>\w+\s\w+)\\"
2024-02-21 {\"callCenterrecontactevent\":{\"customer\":{\"id\":\"6ghty678h\", \"idtypecd\":\"connect_id\"}, \"languagecd\":\"eng\",\"vhannelInstance\":: {\"status\":{\"serverStatusCode\":\"400\",\"severity\":\"Error\",\"additionalStatus\":[{\"statusCode\":400, \"appStatus\":\"Schema Validation\",\"serverity\":\"Error\"
