Hello
I'm trying to run this query from the Splunk API and getting this error:
'rex' is not recognized as an internal or external command,
operable program or batch file.
Can you help me please?
index=wineventlog sourcetype="WinEventLog:Security" (EventCode=4698 OR EventCode=4702) *ADDC*
| where LIKE(Account_Name,"%$")
| eval operation=(if(EventCode==4698,"new","update"))
| rex field=Message "<Command>(?<Command>[^\;]+)</Command>"
| rex field=Message "<Arguments>(?<Arguments>[^\;]+)</Arguments>"
| rex field=Message "<UserId>(?<UserId>[^\;]+)</UserId>"
| where !LIKE(Command,"%sc.exe")
| where !LIKE(Command,"%usoclient.exe")
| where !LIKE(Command,"%ceipdata.exe")
| where !LIKE(Command,"%OfficeC2RClient.exe")
| where !LIKE(Command,"%rundll32.exe")
| where !LIKE(Command,"%wermgr.exe")
| where !LIKE(Command,"%MusNotification.exe")
| where !LIKE(Command,"%MpCmdRun.exe")
| where !LIKE(Command,"%SymErr.exe")
| eval user=case(UserId=="S-1-5-18","Local System",UserId=="S-1-5-19","Local Service",UserId=="S-1-5-20","Network Service",true(),UserId)
| stats values(Task_Name) as taskname values(operation) as event by _time Account_Name Command Arguments user
| sort - _time
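The error text is cmd.exe's, which means the "|" characters of the SPL are being split by the Windows shell before the request ever reaches Splunk. Below is an added example (not the poster's code) that submits the same scheduled-task search as an HTTP form field of a POST to the Splunk REST API, so no shell parses it; the host, credentials, time range and the trimmed exclusion list are assumptions.

```python
# Added example (not from the original post): submit the scheduled-task SPL
# search to Splunk over its REST API from Python. The SPL travels as an HTTP
# form field, so no shell ever sees its pipe characters; cmd.exe splitting
# the query on "|" is what produces "'rex' is not recognized as an internal
# or external command". Host, credentials and time range are assumptions.
import json
import base64
import urllib.parse
import urllib.request

SPLUNK_URL = "https://splunk.example.internal:8089"  # assumed management port
AUTH = ("svc_reader", "CHANGE-ME")                    # placeholder credentials

# The SPL from the post as a plain multi-line string (no escaping needed).
SPL = r"""
index=wineventlog sourcetype="WinEventLog:Security" (EventCode=4698 OR EventCode=4702) *ADDC*
| where LIKE(Account_Name,"%$")
| eval operation=if(EventCode==4698,"new","update")
| rex field=Message "<Command>(?<Command>[^;]+)</Command>"
| rex field=Message "<Arguments>(?<Arguments>[^;]+)</Arguments>"
| rex field=Message "<UserId>(?<UserId>[^;]+)</UserId>"
| where !LIKE(Command,"%sc.exe") AND !LIKE(Command,"%rundll32.exe") AND !LIKE(Command,"%MpCmdRun.exe")
| eval user=case(UserId=="S-1-5-18","Local System",UserId=="S-1-5-19","Local Service",UserId=="S-1-5-20","Network Service",true(),UserId)
| stats values(Task_Name) as taskname values(operation) as event by _time Account_Name Command Arguments user
| sort - _time
"""

def build_search_payload(spl: str, earliest: str = "-24h") -> dict:
    """Form body for POST /services/search/jobs. The API needs the string to
    start with a command, so a search opening with field terms gets 'search '."""
    body = " ".join(line.strip() for line in spl.strip().splitlines())
    if not (body.startswith("search ") or body.startswith("|")):
        body = "search " + body
    return {"search": body, "earliest_time": earliest,
            "exec_mode": "oneshot", "output_mode": "json"}

def run_search(spl: str) -> list:
    """POST the search as form data (stdlib only) and return result rows."""
    data = urllib.parse.urlencode(build_search_payload(spl)).encode()
    token = base64.b64encode(f"{AUTH[0]}:{AUTH[1]}".encode()).decode()
    req = urllib.request.Request(f"{SPLUNK_URL}/services/search/jobs", data=data,
                                 headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=120) as resp:  # TLS verified by default
        return json.load(resp).get("results", [])

if __name__ == "__main__":
    for row in run_search(SPL):
        print(row.get("_time"), row.get("user"), row.get("Command"), row.get("Arguments"))
```

If you must stay with curl on Windows, the equivalent fix is to put the SPL in a file and pass it with --data-urlencode search@file rather than on the command line.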