I have an event that I want to extract the IP Address and Port number.

Mar 6 13:59:59 192.168.140.215 %ASA-4-106023: Deny udp src outside:xxx.xxx.xxx.xxx/xxxxx dst inside:xxx.xxx.xxx.xxx/xxxxx by access-group "outside_access_in" [0x0, 0x0]

The following search works and produces results.
(sourcetype=cisco_asa AND Deny NOT (search)) | rex field=Outside "outside:(?P[^/])(?P[^ ]*?)" | stats count by OutsideIP | sort -count

But this search works but does not produce any results.
(sourcetype=cisco_asa AND Deny NOT (search)) | rex field=Outside "outside:(?P[^/])(?P[^ ]*?)" | stats count by OutsidePort | sort -count

I have tried many variations to extract the OutsidePort with no success. What am I doing wrong?

Thank you
Randy