If your pattern is actually in the format of
com.abc.xyz.service.exception.MY ERROR: null
And you want whatever is between the last dot and the colon, then this works:
| rex field=_raw "\.(?<errcode>[\w\s]+)\:"
from User warren – Stack Overflow https://stackoverflow.com/questions/76690264/parsing-raw-text-in-splunk-between-a-word-pattern/76699892#76699892
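A way to check the extraction before relying on it, written as an added example that is not part of the original answer: it runs the same `rex` over a handful of constructed events, including a hyphenated name that `[\w\s]+` cannot match and a line whose timestamp supplies an earlier dot-then-colon, so `errcode` comes from the timestamp rather than from the exception name. The field name `constructed_sample` and all event text other than the first line are assumptions made up for the test.

```spl
| makeresults
| eval constructed_sample="com.abc.xyz.service.exception.MY ERROR: null;com.abc.xyz.service.exception.TIMEOUT_42: upstream call exceeded deadline;com.abc.xyz.service.exception.MY-ERROR: null;service started without errors;2023-07-14 10:15:30.123 WARN: retry com.abc.xyz.service.exception.MY ERROR: null"
| makemv delim=";" constructed_sample
| mvexpand constructed_sample
| rename constructed_sample AS _raw
| rex field=_raw "\.(?<errcode>[\w\s]+)\:"
| eval extracted=if(isnull(errcode), "no match", errcode)
| table _raw extracted
```

Rows that show `no match` or an unexpected value are the formats the pattern does not cover; if they occur in real data, the expression needs anchoring to the exception prefix before it feeds an alert or dashboard.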