Wow, that's awesome! Thanks for the help! As a followup, is this able to be extended to extract more than just that one field? I'm seeing in other splunk community posts that rex is able to be used for multiple extractions, but I'm not too well aquainted with regular expressions. For instance, extracting both the First Name and the Vendor as an example, that would produce something like Name, Vendor | Count Bob, Walmart 10 Billy, Walmart 13 Blake, Target 13 Billy, Target 11 The multiple backslashes and quotations are throwing me off in terms of how to add additional fields for extraction.
... View more