Hello,

One of these works, One does not

1.] index="conmon" earliest>="01/01/2022:00:00:000" source="AwesomeCloudPOAM.xml" | rex field=_raw "<version>(?<version>[^<]+)</version>" | table version , which works fine and brings back value from the xml node.  however, this search fails every time:

2.] index="conmon" earliest>="01/01/2022:00:00:000" source="AwesomeCloudPOAM.xml" | rex field=_raw "<oscal-version>(?<oscal-version>[^<]+)</oscal-version>" | table oscal-version

with this error: Error in 'rex' command: Encountered the following error while compiling the regex '<oscal-version>(?<oscal-version>[^<]+)</oscal-version>': Regex: syntax error in subpattern name (missing terminator).

Can anyone help me?