Hello!
I'm working on a Rex Expression for my job, and wanted to ask for some assistance in developing it. I'm supposed to make a rex expression to pull out the "Fixed version" of a piece of software out of a field called "pluginText". Right now the problem is the Rex expression I've made only works half the time.
My Rex expression is currently:
| rex field=pluginText max_match=0 "\s+Fixed version\s+:\s+(?<FixedVersion>.+)"
Here are some relevant examples of the sorts of data I'm working with:
<plugin_output>
Path : C:\Program Files\VMware\VMware Tools\VMware VGAuth\libssl-3-x64.dll
Reported version : 3.0.3.0
Fixed version : 3.0.4</plugin_output>
and
<plugin_output>
Path : C:\myPrograms\cygwin64\bin\openssl.exe
Reported version : 1.1.1.4
Fixed version : 1.1.1p
Path : C:\myPrograms\Git\usr\bin\openssl.exe
Reported version : 1.1.1.9
Fixed version : 1.1.1p
Path : C:\myPrograms\Git\mingw64\bin\openssl.exe
Reported version : 1.1.1.9
Fixed version : 1.1.1p
</plugin_output>
The Rex expression I made works perfectly on the second example I've provided, but not the first. I'm guessing it's due to the </plugin_output> on it.
Any advice for how I can tweak it to work for both sorts of data? Attached is a visual aid of the first example, for clarity. Thank you in advance!
Hi
Can you change your regex like this:
"\s+Fixed version\s+:\s+(?<FixedVersion>[^\n\r\<]+)"
See https://regex101.com/r/z4DfqM/1
regex101 is an excellent place to try those and also debug if needed.
r. Ismo
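What each pattern captures on the two samples from the question, as an added Python example that is not part of the thread: Python's `re` needs `(?P<name>...)` where rex takes `(?<name>...)`, and `finditer` stands in for `max_match=0`. The sample strings are copied from the question; the CRLF variant and the function name are constructed for illustration.

```python
import re

# Patterns from the thread, adapted only in the named-group syntax.
ORIGINAL = r"\s+Fixed version\s+:\s+(?P<FixedVersion>.+)"
FIXED = r"\s+Fixed version\s+:\s+(?P<FixedVersion>[^\n\r\<]+)"

# First sample from the question: the closing tag shares a line with the value.
SAMPLE_INLINE_TAG = r"""<plugin_output>
Path : C:\Program Files\VMware\VMware Tools\VMware VGAuth\libssl-3-x64.dll
Reported version : 3.0.3.0
Fixed version : 3.0.4</plugin_output>"""

# Second sample from the question: the closing tag sits on its own line.
SAMPLE_MULTI = r"""<plugin_output>
Path : C:\myPrograms\cygwin64\bin\openssl.exe
Reported version : 1.1.1.4
Fixed version : 1.1.1p
Path : C:\myPrograms\Git\usr\bin\openssl.exe
Reported version : 1.1.1.9
Fixed version : 1.1.1p
Path : C:\myPrograms\Git\mingw64\bin\openssl.exe
Reported version : 1.1.1.9
Fixed version : 1.1.1p
</plugin_output>"""

# Constructed variant: the same text with Windows (CRLF) line endings.
SAMPLE_CRLF = SAMPLE_MULTI.replace("\n", "\r\n")


def extract_fixed_versions(plugin_text, pattern):
    """Return every FixedVersion capture, as rex does with max_match=0."""
    return [m.group("FixedVersion") for m in re.finditer(pattern, plugin_text)]


if __name__ == "__main__":
    samples = (("inline tag", SAMPLE_INLINE_TAG),
               ("multi", SAMPLE_MULTI),
               ("multi, CRLF", SAMPLE_CRLF))
    for name, sample in samples:
        for label, pattern in (("original", ORIGINAL), ("fixed", FIXED)):
            # repr() makes a trailing tag or carriage return visible.
            print(f"{name:12} {label:9} {extract_fixed_versions(sample, pattern)!r}")
```

With `.+` the capture runs to the end of the line, so it picks up the closing tag in the first sample and, in this Python run, the carriage return in the CRLF variant; the character class stops before `<`, `\r` and `\n`.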
This appears to have fixed my problem perfectly! Thank you very much!