Hello,
I have been looking for a solution to my problem for several hours in vain, so
I'm posting here in the hope that you can help me.
I have some logs that follow this scheme (it's in French):
domain.name.com MSWinEventLog 1 Security 665240 Thu Jun 30 14:35:38 2016
4724 Microsoft-Windows-Security-Auditing N/A N/A Success Audit
domain.name.com Gestion des comptes d’utilisateur Une tentative de
réinitialisation de mot de passe d’un compte a été effectuée. Sujet : ID de
sécurité : S-1-5-21-1519999410-1935793592-2975913076-1170 Nom du compte :
firstname.lastname Domaine du compte : DOMAIN123 ID d’ouverture de
session : 0x21CACB1 Compte cible : ID de sécurité :
S-1-5-21-1519999410-1935793592-2975913076-1650 Nom du compte :
firstname.lastname Domaine du compte : DOMAIN123 256107419
I want to make a regex extractor that will return the value of
"firstname.lastname" after "Nom du compte : ". Since there are two "Nom du
compte : ", I will use a regex for each of them (and create two fields).
I tried to extract the first one with this regex but it's not working
(regular expression did not match):
Nom du compte : ([a-zA-Z0-9.-]{1,50})
This regex works in a regex tester so I'm kinda lost here... Could anyone
provide an answer to this, please?
Also, my second question is: if I want to extract the second
"firstname.lastname", how would I change my regex to do so?
Would really appreciate some help.
Thanks!
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
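
An added example, not part of the original post: it shows how the posted pattern behaves when the separators around the colon are not plain ASCII spaces, and one way to pull the subject and target account names into separate fields by anchoring on "Sujet" and "Compte cible". The tab and non-breaking-space separators, the account names and the SIDs in the sample are constructed assumptions; the post does not show the raw bytes of the message.

```python
import re

# Constructed sample modelled on the event in the post. The tab and
# non-breaking-space separators are an assumption about the raw message.
NBSP = "\u00a0"
SAMPLE = (
    "Une tentative de réinitialisation de mot de passe d’un compte a été effectuée."
    f"\tSujet{NBSP}:\tID de sécurité{NBSP}:\tS-1-5-21-1-2-3-1170"
    f"\tNom du compte{NBSP}:\talice.martin\tDomaine du compte{NBSP}:\tDOMAIN123"
    f"\tID d’ouverture de session{NBSP}:\t0x21CACB1"
    f"\tCompte cible{NBSP}:\tID de sécurité{NBSP}:\tS-1-5-21-1-2-3-1650"
    f"\tNom du compte{NBSP}:\tbob.durand\tDomaine du compte{NBSP}:\tDOMAIN123"
)

# The pattern from the post: it requires literal ASCII spaces around the colon.
LITERAL = re.compile(r"Nom du compte : ([a-zA-Z0-9.-]{1,50})")

# Any run of whitespace; NBSP is listed explicitly for engines where \s is
# ASCII-only (Java's default).
WS = r"[\s\u00a0]*"
NAME = r"([A-Za-z0-9._-]{1,50})"

# Subject account: the first "Nom du compte" after "Sujet".
SUBJECT = re.compile(rf"Sujet{WS}:.*?Nom du compte{WS}:{WS}{NAME}", re.S)
# Target account: the first "Nom du compte" after "Compte cible".
TARGET = re.compile(rf"Compte cible{WS}:.*?Nom du compte{WS}:{WS}{NAME}", re.S)


def literal_matches(message):
    """True if the pattern from the post finds anything in the message."""
    return LITERAL.search(message) is not None


def extract_accounts(message):
    """Return (subject_account, target_account); None for a missing field."""
    s = SUBJECT.search(message)
    t = TARGET.search(message)
    return (s.group(1) if s else None, t.group(1) if t else None)


if __name__ == "__main__":
    print("pattern from the post matches:", literal_matches(SAMPLE))
    print("subject, target:", extract_accounts(SAMPLE))
```
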