Your regex is ok.
Worked for me.
You can otherwise try:
(?mi)Nom du compte : ([a-zA-Z0-9.-]{1,50})
And for the second one you just need to capture Compte cible :D:
(?mi)Compte cible : .*Nom du compte : ([a-zA-Z0-9.-]{1,50})
@peluche
On Monday, 4 July 2016 at 11:52:03 UTC+2, Zoizo wrote:
>
> Hello,
>
> I have been looking for a solution to my problem for several hours in vain, so
> I'm posting here in the hope that you can help me.
>
> I have some logs that follow this scheme (it's in French):
>
>
>
> domain.name.com MSWinEventLog 1 Security 665240 Thu Jun 30 14:35:38 2016
> 4724 Microsoft-Windows-Security-Auditing N/A N/A Success Audit
> domain.name.com Gestion des comptes d’utilisateur Une tentative de
> réinitialisation de mot de passe d’un compte a été effectuée. Sujet : ID de
> sécurité : S-1-5-21-1519999410-1935793592-2975913076-1170 Nom du compte :
> firstname.lastname Domaine du compte : DOMAIN123 ID d’ouverture de
> session : 0x21CACB1 Compte cible : ID de sécurité :
> S-1-5-21-1519999410-1935793592-2975913076-1650 Nom du compte :
> firstname.lastname Domaine du compte : DOMAIN123 256107419
>
> I want to make a regex extractor that will return the value of
> "firstname.lastname" after "Nom du compte : ". Since there are two "Nom du
> compte : ", I will use a regex for each of them (and create two fields).
>
> I tried to extract the first one with this regex but it's not working
> (regular expression did not match):
>
> Nom du compte : ([a-zA-Z0-9.-]{1,50})
>
> This regex works in a regex tester so I'm kinda lost here... Could anyone
> provide an answer to this, please?
>
> Also, my second question is: if I want to extract the second
> "firstname.lastname", how would I change my regex to do so?
>
> Would really appreciate some help.
>
> Thanks!
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/3e546d01-60f5-4031-8ad4-34e483042444%40googlegroups.com.
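Added example, not part of the original thread: the two patterns from the reply run against a one-line copy of the quoted event, with constructed account names (helpdesk.admin, jean.dupont) so the two fields can be told apart, plus a single-pass variant. Python's `re` stands in for Graylog's extractor here, and `BOTH_RE`, `extract` and `is_reset_of_other_account` are hypothetical names.

```python
import re

# The two patterns from the reply above, unchanged.
SUBJECT_RE = re.compile(r"(?mi)Nom du compte : ([a-zA-Z0-9.-]{1,50})")
TARGET_RE = re.compile(r"(?mi)Compte cible : .*Nom du compte : ([a-zA-Z0-9.-]{1,50})")

# Added variant (an assumption, not from the thread): one pass over both sections,
# lazy .*? so each name is the first one after its section label, and \s so that
# any whitespace character between the words and before the colon is accepted.
BOTH_RE = re.compile(
    r"(?is)Sujet\s*:.*?Nom\s+du\s+compte\s*:\s*(?P<subject>[a-z0-9.-]{1,50})"
    r".*?Compte\s+cible\s*:.*?Nom\s+du\s+compte\s*:\s*(?P<target>[a-z0-9.-]{1,50})"
)

# Event 4724 from the thread, joined onto one line; the two account names are
# constructed for this example (the thread uses firstname.lastname for both).
EVENT = (
    "domain.name.com MSWinEventLog 1 Security 665240 Thu Jun 30 14:35:38 2016 4724 "
    "Microsoft-Windows-Security-Auditing N/A N/A Success Audit domain.name.com "
    "Gestion des comptes d’utilisateur Une tentative de réinitialisation de mot de "
    "passe d’un compte a été effectuée. Sujet : ID de sécurité : "
    "S-1-5-21-1519999410-1935793592-2975913076-1170 Nom du compte : helpdesk.admin "
    "Domaine du compte : DOMAIN123 ID d’ouverture de session : 0x21CACB1 "
    "Compte cible : ID de sécurité : S-1-5-21-1519999410-1935793592-2975913076-1650 "
    "Nom du compte : jean.dupont Domaine du compte : DOMAIN123 256107419"
)
# Constructed variant: no-break spaces (U+00A0) before the colons. This is an
# assumption made for the example, not something reported in the thread.
NBSP_EVENT = EVENT.replace(" :", "\u00a0:")


def extract(message):
    """Return (subject, target) account names, or None if the event does not parse."""
    m = BOTH_RE.search(message)
    return (m.group("subject"), m.group("target")) if m else None


def is_reset_of_other_account(message):
    """True when the account doing the reset differs from the account being reset."""
    names = extract(message)
    return names is not None and names[0].lower() != names[1].lower()


if __name__ == "__main__":
    print("reply patterns:", SUBJECT_RE.search(EVENT).group(1), TARGET_RE.search(EVENT).group(1))
    print("single pass   :", extract(EVENT), extract(NBSP_EVENT))
    print("reset of another account:", is_reset_of_other_account(EVENT))
```

The literal-space patterns return no match on `NBSP_EVENT`, while the `\s` variant still extracts both names.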