Hello,
I am looking for a solution to my problem since several hours in vain, so
I'm posting here in hope you could help me.
I have some logs who follow this scheme (it's in french) :
domain.name.com MSWinEventLog 1 Security 665240 Thu Jun 30 14:35:38 2016
4724 Microsoft-Windows-Security-Auditing N/A N/A Success Audit
domain.name.com Gestion des comptes d’utilisateur Une tentative de
réinitialisation de mot de passe d’un compte a été effectuée. Sujet : ID de
sécurité : S-1-5-21-1519999410-1935793592-2975913076-1170 Nom du compte :
firstname.lastname Domaine du compte : DOMAIN123 ID d’ouverture de
session : 0x21CACB1 Compte cible : ID de sécurité :
S-1-5-21-1519999410-1935793592-2975913076-1650 Nom du compte :
firstname.lastname Domaine du compte : DOMAIN123 256107419
I want to make a regex extractor that will return the value of
"firstname.lastname" after "Nom du compte : ". Since there are two "Nom du
compte : ", I will use a regex for each of them (and create two fields).
I tried to extract the first one with this regex but it's not working
(regular expression did not match) :
Nom du compte : ([a-zA-Z0-9.-]{1,50})
This regex works in a regex tester so I'm kinda lost here... Could anyone
provide an answer to this please ?
Also, my second question is : if I want to extract the second
"firstname.lastname", how would I change my regex to do so ?
Would really appreciate some help.
Thanks!
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/6ce26dc9-9976-43aa-af46-23bd1d097060%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
