I have a regex to extract the filename from the object field. This works completely fine in Search.

    index="test" | rex field=object "(?P<fileName>[^\\\]+)$"

However, when I try to input the below custom code in Splunk SOAR, it always returns an error:

    HTTP 400 Bad Request -- Error in 'rex' command: Encountered the following error while compiling the regex '(?P<fileName>[^\\]+)$': Regex: missing terminating ] for character class.

The custom code:

    sql_search_query=rf""" index="test" | rex field=object "(?P<fileName>[^\\\]+)$" """
    parameters = []
    parameters.append({
        "command": "search",
        "search_mode": "smart",
        "add_raw_field": False,
        "query": sql_search_query,
        "parse_only": True,
        "start_time": "-90d",
        "end_time": 0,
    })