First I tried to search for chars which aren't alphanumeric and replace them with space character.
source="Regex.zip:" | rex mode=sed field="Incident Description" "s/[^a-zA-Z0-9]/ /g"*
This does work fine but when I try the other approach as shown below
Second approach was to find all the special characters and replace them with space character.
source="Regex.zip:" | rex mode=sed field="Incident Description" "s/[!@#$%^&()-?/{}<|>\:;]/ /g"
This does display an error: Error in 'rex' command: Regex: missing terminating ] for character class
I believe this link has the answer you are looking for.
https://answers.splunk.com/answers/139777/rex-mode-sed-diff-between-replace-and-substitute.html
For completion and in order to avoid complicated syntax I would use the following regex instead:
| rex mode=sed "s/\W+/ /g"
Or if you want to have a more granular control:
| rex mode=sed "s/[^a-zA-Z0-9_\-\.]+/ /g"
how to use this during parsing time or props.conf
Take a look at the following http://docs.splunk.com/Documentation/Splunk/6.5.2/Data/Anonymizedata as it'll explain this better than me.
The concept is the same.
Try escaping the special characters
... | rex mode=sed "s/\\[\!\@\#\$\%\^\&\(\)\-\?\/\{\}\<\|\>\\\\\:\;]/ /g""