You can either use the first method and then filter out events where "your_new_field" is null (because the regex didn't match anything). Or you could run the second command given to filter out the relevant events, and then pipe that to the first command to actually do the extraction.
... View more