Thanks for the reply.
I must confess I am encountering makeresults for the first time, so trying to wrap my head around the search cmd.

AB22-,AB43-,AB03-,AB1233-,ABw-,AB22222222- is not my raw data, it was just an example. The cells contain data with a pattern of ABXX- and I want to filter only those records in a specific column which follow that specific pattern.

I did come across filter option when converting data into Data Table. However, still no success.

did you try this?

index=<your_index>| rex field=_raw "(?<newfield>AB\d{2}-)"| search newfield=*

can you share sample raw events so that I can give you appropriate regex?

There are thousands of lines, just sampling few lines. This data is coming from comments people write for specific hardware and is not generated by a machine. Thus, it is highly random. The raw data is as follows. Additionally this data is present in a specific column.

After the search the first 6 rows should be the final result.

1 1401812.AQWEAB02-TCPL02.1G
2 1356292.QWERAB04-ANCA02
3 1234OAB05-PLAIN02 reserved ||
4 1405252.AB07-SBCC01
5 1409325-ARDRAB05-GENIV02.22
6 1304030.ARDRAB07-TECEL02.10333
7 1389621.ABFDBC01-COGDS02333
8 1349222.ABFDBC01-MOH29.5MJJ
9 1313513.ABFDBC01-BPRSS
10 1393599.ABFDBC01-WGELP
11 1375957.ABFDBC01-BREQL01.0M222
12 1332348.ABFDBC01-MANNG01.10M1WW1

13 1321017.ABFDBC01-BLJCW01.3MQQ

Moreover, it is not only AB??- that I would be searching for, there are other criteria as well but I guess if we can get one criteria down then others should follow the same pattern.

yes so I have given the correct regex
what is the result of this search?

 index=<your_index>| rex field=_raw "(?<newfield>AB\d{2}-)"| search newfield=*

I have already given you the solution.
See my workaround here. it is exactly matching first 6 events. above search will return only events with AB??-.
https://regex101.com/r/7b6mTh/1

If you deem a posted answer as valid and helpful to your solving of the issue, please accept said answer so that this question no longer appears open.

Thanks a lot mate. Yes, it worked as wanted. In the end if I want to add BC??- to AB??- how should I add these two.

do you mean (AB OR BC)??-?
then try this

(?<newfield>((AB)|(BC))\d{2}-)

Thanks again...yes. It did the trick.

Moreover, regex101.com is a great tool.

did you try this?

Thanks in advance. I got the following error.

Error in 'rex' command: Encountered the following error while compiling the regex 'AB(?\d\d)-': Regex: unrecognized character after (? or (?-