Splunk Rex: Extracting fields of a string to a value

Question

I'm a newbie to SPlunk trying to do some dashboards and need help in extracting fields of a particular variable

Here in my case i want to extract only KB_List":"KB000119050,KB000119026,KB000119036" values to a column

Expected output:

KB_List
KB000119050,KB000119026,KB000119036

i have tried:

| rex field=_raw "\*"KB_List":(?<KB_List>\d+)\*"

highlighted the part below in the log

svc_log_ERROR","Impact":4.0,"CategoryId":"94296c474f356a0009019ffd0210c738","hasKBList":"true","lastNumOfAlerts":1,"splunkURL":false,"impactedInstances":"","highestSeverity":"Minor","Source":"hsym-plyfss01","reqEmail":"true","AlertGroup":"TIBCOP","reqPage":"","KB_List":"KB000119050,KB000119026,KB000119036","reqTicket":"true","autoTicket":true,"SupportGroup":"TESTPP","Environment":"UAT","Urgency":4.0,"AssetId":"AST000000000159689","LiveSupportGroup":"TESTPP","sentPageTo":"TESTPP"},"Notification":{"":{"requestId":"532938335"}},"":

Answer 1

Alas:

I figured out by looking into so many articles:

| rex "KB_List\":\"(?<KB_Listed>[^\"]+)" | table KB_Listed

Answer 2

rex field=_raw "KB_List\":\"(?<KB_List>[^\"])\""

This regular expression will look for anything that begins with KB_List":", the capture everything except a ".

In your example, you are only capturing digits (\d+), whereas the contents in the KB_List field also contain characters ("KB" and ",")