diff --git a/doc/source/development/notebooks/processor_examples/regex.ipynb b/doc/source/development/notebooks/processor_examples/regex.ipynb
index f933f9e62..98bea7756 100644
--- a/doc/source/development/notebooks/processor_examples/regex.ipynb
+++ b/doc/source/development/notebooks/processor_examples/regex.ipynb
@@ -21,7 +21,7 @@
     "    'data_stream': {\n",
     "        'dataset': 'windows', \n",
     "        'namespace': 'devopslab', \n",
-    "        'type': 'logs'\n",
+    "        'type': '/logs/'\n",
     "        }, \n",
     "    '_op_type': 'create'\n",
     "    }\n",
@@ -96,7 +96,7 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 3,
+   "execution_count": 20,
    "metadata": {},
    "outputs": [
     {
@@ -110,12 +110,9 @@
      "name": "stdout",
      "output_type": "stream",
      "text": [
-      "\n",
-      "\n",
-      "[Deprecation warning]: regex_fields are no longer necessary. Use lucene regex annotation.\n",
-      "before: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': 'logs'}, '_op_type': 'create'}\n",
-      "after: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': 'logs'}, '_op_type': 'create', '_index': 'logs-windows-devopslab'}\n",
-      "True\n"
+      "before: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': '/logs/'}, '_op_type': 'create'}\n",
+      "after: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': '/logs/'}, '_op_type': 'create'}\n",
+      "False\n"
      ]
     }
    ],
@@ -138,6 +135,47 @@
     "concat_with_rule(rule_yaml)\n"
    ]
   },
+  {
+   "cell_type": "code",
+   "execution_count": 24,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stderr",
+     "output_type": "stream",
+     "text": [
+      "[Deprecated]: regex_fields are no longer necessary. Use Lucene regex annotation.\n"
+     ]
+    },
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "before: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': '/logs/'}, '_op_type': 'create'}\n",
+      "after: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': '/logs/'}, '_op_type': 'create'}\n",
+      "False\n"
+     ]
+    }
+   ],
+   "source": [
+    "rule_yaml = \"\"\"---\n",
+    "filter: 'data_stream.type: \"/d.*lo.*/\"'     \n",
+    "regex_fields:\n",
+    "  - \"data_stream.type\"\n",
+    "concatenator:\n",
+    "  source_fields:\n",
+    "    - data_stream.type\n",
+    "    - data_stream.dataset\n",
+    "    - data_stream.namespace\n",
+    "  target_field: _index\n",
+    "  separator: \"-\"\n",
+    "  overwrite_target: false\n",
+    "  delete_source_fields: false\n",
+    "\"\"\"\n",
+    "\n",
+    "concat_with_rule(rule_yaml)\n"
+   ]
+  },
   {
    "cell_type": "markdown",
    "metadata": {},
@@ -147,22 +185,62 @@
   },
   {
    "cell_type": "code",
-   "execution_count": 4,
+   "execution_count": 31,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "before: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': '/logs/'}, '_op_type': 'create'}\n",
+      "after: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': '/logs/'}, '_op_type': 'create', '_index': '/logs/-windows-devopslab'}\n",
+      "False\n"
+     ]
+    }
+   ],
+   "source": [
+    "rule_yaml = \"\"\"---\n",
+    "filter: 'data_stream.type: /.*lo.*/'    \n",
+    "concatenator:\n",
+    "  source_fields:\n",
+    "    - data_stream.type\n",
+    "    - data_stream.dataset\n",
+    "    - data_stream.namespace\n",
+    "  target_field: _index\n",
+    "  separator: \"-\"\n",
+    "  overwrite_target: false\n",
+    "  delete_source_fields: false\n",
+    "\"\"\"\n",
+    "concat_with_rule(rule_yaml)\n"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 20,
    "metadata": {},
    "outputs": [
+    {
+     "name": "stderr",
+     "output_type": "stream",
+     "text": [
+      "[Deprecated]: regex_fields are no longer necessary. Use Lucene regex annotation.\n"
+     ]
+    },
     {
      "name": "stdout",
      "output_type": "stream",
      "text": [
-      "before: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': 'logs'}, '_op_type': 'create'}\n",
-      "after: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': 'logs'}, '_op_type': 'create', '_index': 'logs-windows-devopslab'}\n",
-      "True\n"
+      "before: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': '/logs/'}, '_op_type': 'create'}\n",
+      "after: {'data_stream': {'dataset': 'windows', 'namespace': 'devopslab', 'type': '/logs/'}, '_op_type': 'create'}\n",
+      "False\n"
      ]
     }
    ],
    "source": [
     "rule_yaml = \"\"\"---\n",
-    "filter: 'data_stream.type: \"/.*lo.*/\"'    \n",
+    "filter: 'data_stream.type: \".*lo.*\"'     \n",
+    "regex_fields:\n",
+    "  - \"data_stream.type\"\n",
     "concatenator:\n",
     "  source_fields:\n",
     "    - data_stream.type\n",
@@ -173,8 +251,23 @@
     "  overwrite_target: false\n",
     "  delete_source_fields: false\n",
     "\"\"\"\n",
+    "\n",
     "concat_with_rule(rule_yaml)\n"
    ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": []
   }
  ],
  "metadata": {