Channel: Questions in topic: "splunk-enterprise"

Search from Last Occurrence of a string

Hello Experts,

I am trying to read the text from the last square bracket (which is TestModelCompany,en_US):

```
21:11:31,367 INFO [TestBenuLogger] [155.56.208.68] [716057] [-] [TestModelCompany,en_US] No 1 XX_TimeStep="10" XX_TimeQuery="10" XX_HTTPSession="1398708550-1911P0" XX_QuerySession="null" XX_TimeStamp="2020-02-09T20:11:31.358Z-PY" XX_Company="Model Company" XX_QueryMode="STANDARD" XX_Agent="Model" Starting Model API : Mode : Standard Query Operation : QUERY Company : Model Company New Snapshot Calculation
```

I wrote a regular expression to extract the content from the last bracket:

```
(?<=\[)[^\[\]]*(?=][^\[\]]+$)
```

It works well. However, I am unable to integrate it into Splunk. This is my existing Splunk query:

```
sourcetype=text XX_Company="*" last_modified_on index="*_test_application"
| rex field=_raw "last_modified_on.*?to_datetime\('(?<lmo_date>.*?):\d\d\w\'"
| eval lmo_date_converted=strptime(lmo_date,"%Y-%m-%dT%H:%M")
| eval daysDiff=(_time-lmo_date_converted)/86400
| rex field=_raw "(?<=\[)[^\[\]]*(?=][^\[\]]+$)"
| where daysDiff > 90
| stats avg(daysDiff) as "Last Modified On averege days in past", max(daysDiff) as "Max Value Of Last Modified On" by XX_Company XX_Mode
| sort -"Last Modified On averege days in past"
```

This is a working Splunk query. With this, I would like to display the content from the last bracket as a column. Could you guide me?
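An added example, not part of the original question: Splunk's `rex` command creates a field only from a named capture group, so the lookaround pattern above can be rewritten to capture the content of the last bracket into a field. The field name `last_bracket` and the shortened sample event are assumptions, constructed from the log line in the question.

```spl
| makeresults
| eval _raw="21:11:31,367 INFO [TestBenuLogger] [155.56.208.68] [716057] [-] [TestModelCompany,en_US] No 1 XX_Company=\"Model Company\" New Snapshot Calculation"
| rex field=_raw "\[(?<last_bracket>[^\[\]]*)\][^\[\]]*$"
| table last_bracket
```

In the query from the question, the same `rex` line can take the place of the unnamed one, and `last_bracket` can then be added to the `by` clause of `stats` so that it appears as a column.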
