I have a rex built that when plugged into rex101 works fine, but when applied via a Splunk query, returns a blank result.

Text:

2022/02/01 23:07:26.979 [ERROR] [nrfClient.Discovery.nrf] Message send failed, response [Type:ABC Http2_Status:404 CauseCode:"CONTEXT_NOT_FOUND" RetryExhausted:true MsgType:1434 ServiceName:nabc SelectedProfileName:"abc-profile" FailureProfile:"FHABC" GroupID:"ABC-*" ]

rex:

Http2_Status:\d{3}\sCauseCode:\"(?<Error2>\w+)\"\s

rex101 result:

CONTEXT_NOT_FOUND

But when plugged into Splunk, it comes back with a blank result.