"(?<test>.*)" basically match everything on this field. When we are adding "_\d{4}_\d{2}_\d{2}_\d{2}_\d{2}$" we are requiring that at the end of this string there are _ + 4 digits + _ + 2 digits ... etc. and everything before that is put on test field. So based on your string just add those _\d{4} and _\d{2} to correct places. And if those days, hours, minutes and seconds can be only in one (1) digit long then use _\d{1,2} to catch also those.
So based on your screenshot you should use e.g.
rex field=test max_match=0 "(?<test>.*)_\d{4}_\d{2}_\d{2}_\d{2}_\d{2}$"
If you are using name test on field and in capture group then you are replacing the content of this field with file name instead of creating a new field for file_name. So if you need the original file name later on then it's better to use something else than test as a capture group name.
r. Ismo
