Hi All,
I am trying to capture a line starting with a number. I have created a regex and tested it on the regex101 site, and it is working as expected, but when I used the same in Splunk using rex, it is failing to capture and the result is blank.
https://regex101.com/r/OLUh4A/1
Text:
Cluster GUID: xxxxxxxxxxxxxxx
Sender OneFS Version: Isilon OneFS v8.0.0.6 B_MR_8_0_0_6_117(RELEASE)
Sender Serial Number: xxxxxxx
Node 5 Eventgroups
------------------------------------------------------------------------
OneFS Version: Isilon OneFS v8.0.0.6 B_MR_8_0_0_6_117(RELEASE)
Serial Number: xxxxxxxx
------------------------------------------------------------------------
ID Started Sev Message
------------------------------------------------------------------------
136486 09/02 03:33 I SmartQuotas threshold violation on quota exceeded,
domain directory /xx/xxxxxxx/NAM/xxxxx/xxxxxx/Cisco
Attachment Manifest:
Attached:
events-000e1ea5fexxxxxx-xxxxxxxxx.xml
quotaexceeded.35738
- events-000e1eaxxxxxxxxdccc983-xxxxxx.xml -
quotaexceeded.35738
Regex used: [\s\S]*(?<ID>^\d{1,})\s(?<time>\d{2}\/\d{2}\s\d{2}:\d{2})\s{1,}(?<sev>\w)\s{1,}(?<message>[\s\S]*)Attachment\sManifest:[\s\S]*
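An added example, not part of the original post: the post's pattern, unchanged, run over a constructed copy of the sample text with and without multiline mode, showing that `^` in the middle of the pattern can only match at a line start when that mode is on. It assumes the difference between the two tools is the multiline flag, which regex101 enables by default; `extractEvent` and `eventText` are names made up for the example, and JavaScript stands in for the PCRE engine behind `rex`.

```javascript
// Constructed sample: the relevant lines of the event text from the post.
const eventText = [
  "Cluster GUID: xxxxxxxxxxxxxxx",
  "Node 5 Eventgroups",
  "------------------------------------------------------------------------",
  "ID Started Sev Message",
  "------------------------------------------------------------------------",
  "136486 09/02 03:33 I SmartQuotas threshold violation on quota exceeded,",
  "domain directory /xx/xxxxxxx/NAM/xxxxx/xxxxxx/Cisco",
  "Attachment Manifest:",
  "Attached:",
  "quotaexceeded.35738",
].join("\n");

// The pattern from the post, character for character.
const PATTERN = String.raw`[\s\S]*(?<ID>^\d{1,})\s(?<time>\d{2}\/\d{2}\s\d{2}:\d{2})\s{1,}(?<sev>\w)\s{1,}(?<message>[\s\S]*)Attachment\sManifest:[\s\S]*`;

// Hypothetical helper: apply the pattern with the given flags and return
// the named groups, or null when nothing matches.
function extractEvent(text, flags) {
  const m = new RegExp(PATTERN, flags).exec(text);
  if (m === null) return null;
  const { ID, time, sev, message } = m.groups;
  // The message spans two lines; collapse the line break for display.
  return { ID, time, sev, message: message.replace(/\s+/g, " ").trim() };
}

// Without multiline mode, ^ matches only at offset 0, where the text
// starts with "Cluster", so the whole pattern fails.
console.log("no flags :", extractEvent(eventText, ""));

// With multiline mode, ^ also matches after each newline, so the line
// that begins with the numeric ID is found.
console.log("multiline:", extractEvent(eventText, "m"));
```

In PCRE the same mode is enabled inline by prefixing the pattern with `(?m)`.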