I have been tinkering with regex101 for some time now and no luck.
I have a field called sender
I want to regex the sender so that I get
So I want the string to start after @ and end before >
here is what I started with
... | rex field=sender "@(?<domain>.*)"
Any reason for why you like that approach? It is harder to read and if I interpret the regex101 execution info correctly a lot less efficient than a straightforward
Given the 2 line sample from the question, regex101 reports 13 steps for my solution and 125 steps for yours.