abubakr786
Dec 14, 2021, Copper Contributor
Query Returns Hardcoded values but not when Watchlist is used for partial match
I am trying to create a use case that partially matches text in a field when that match also exists in a watchlist, but it only returns data when the values are hardcoded, not when the watchlist is used!
QUERY WITH WATCHLIST: No data returned
let timeFrame = 1d;
let getExtensions = _GetWatchlist('EncryptedFileExtensions')
| project Extensions = ['FileExtensions']
;
Event
| where TimeGenerated >= ago(timeFrame)
| where Source == "Microsoft-Windows-Sysmon"
| where EventID == '11' or EventID == '15'
| where EventData in (getExtensions)
| parse EventData with * 'TargetFilename">C:' FilePathAndExt ':Zone.Identifier<' *
| where FilePathAndExt matches regex @'([\.]\w+)'
| summarize count() by FilePathAndExt
QUERY WITHOUT WATCHLIST: Returns Data
Event
| where Source == "Microsoft-Windows-Sysmon"
| where EventID == '11' or EventID == '15'
| where EventData contains ".ods" or EventData contains ".rtf" or EventData contains ".odp"
| parse EventData with * 'TargetFilename">C:' FilePathAndExt ':Zone.Identifier<' *
| where FilePathAndExt matches regex @'([\.]\w+)'
| summarize count() by FilePathAndExt
Any suggestion would be highly appreciated!
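Added example, not part of the original post: the `in` operator compares the whole column value against each watchlist row, so the full EventData XML blob never equals a bare ".ods". Isolating the extension first and then comparing that short value against the watchlist gives the partial-match behaviour the hardcoded `contains` query had. It assumes the watchlist 'EncryptedFileExtensions' has a column 'FileExtensions' holding values such as ".ods" (as in the post).

```kql
// Added example (not the poster's query). Assumes the watchlist column
// 'FileExtensions' contains dotted extensions such as ".ods" or ".rtf".
let timeFrame = 1d;
// Normalise the watchlist values once so the later comparison is case-insensitive.
let getExtensions = _GetWatchlist('EncryptedFileExtensions')
    | project Extensions = tolower(['FileExtensions']);
Event
| where TimeGenerated >= ago(timeFrame)
| where Source == "Microsoft-Windows-Sysmon"
| where EventID in (11, 15)
// Same parse as the original: pull the path out of the TargetFilename element.
| parse EventData with * 'TargetFilename">C:' FilePathAndExt ':Zone.Identifier<' *
// Extract only the trailing extension (e.g. ".ods") from the parsed path.
| extend Extension = tolower(extract(@'(\.\w+)$', 1, FilePathAndExt))
| where isnotempty(Extension)
// 'in' against a single-column tabular expression is an exact match,
// which now works because Extension is the short value the watchlist holds.
| where Extension in (getExtensions)
| summarize count() by Extension, FilePathAndExt
```

If the watchlist values are stored without the leading dot, strip it on both sides (for example with `trim_start(@'\.', ...)`) before the `in` comparison.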