In your environment, you should try:

<your search>
| rex field=<fieldname> "^(?<custom_fieldname>[^\.]+)"

try this run anywhere search:

| makeresults 
| eval data="24611_abce.XXX.AAA.com,24612_r1q2e3.XXX.AAA.com,null,null,4iop45_q7w8e9.XXX.AAA.com,hki90lhf3_m1n2b3.QQQQ.AAA.com" 
| makemv data delim="," 
| mvexpand data 
| rex field=data "^(?<data>[^\.]+)"

let me know if this helps!