Any time I try using the Extract Field option in an event list the next page returns this error:
Error in 'rex' command:
The regex '//' does not extract anything. It should specify at least one named group. Format: (?...).
This used to work but it's been a few months since I tried it. I'm not doing anything special as you can see. The regex is just // yet it returns nothing. I tried restarting Splunk but I think something is broken somewhere.
According to me, you have to mention field name in rex, which you can use further,
Please refer doc for more info: