I am comfortable with the rex command when straightforward text strings are involved. I've got something that is decidedly NOT a straightforward text string.  It is a substring in a larger log entry (not shown) and looks like this: RESULTVECTOR="{2106177} EMAAC02:0(16)/EMACC65:0(68)/BPOSTK01:0(476[11+436+11])/BPOSCC01:0(2072)/BPOSTK01:0(629[15+590+9])/BPOSCC02:0(867)/EMACC28:0(42)/BPOSRT01:0(101)/EMACC65:0(129)/BPOSRT10:0(2063152[15+2063087+31])/EMACC65:0(30)/EMAAC10:0(37884[13+37829+25])/EMACC51:0(23) The first part identifies complex substring part (RESULTVECTOR) and the overall response time for a transactions.   The rest is a set of sorta-name-value-pairs (delimited by "/") that tell me a <sub-process name>:<sub-process response code>(<sub-process response time>)[<optional set of sub-sub-process response times of arbitrary length, delimited by "+">]  I want to recursively process this string to, at a minimum, the total response time and a set of details for each sub-process (I am willing to ignore the sub-sub-process data for now). I can't get past the first sub-process.  My attempt at rex so far is: rex field=_raw max_match=100 " RESULTVECTOR=\"{(?<TOTAL_RESP>.*)} (?<A_PROC>\w+):(?<A_RC>\d+)\((?<A_RESP>\d+).*" Is it even possible to capture the data I need using rex?    ... View more