Thank you for your time mate. Hmm well it might have worked in a tester (if that's where you tested it) but in the graylog interface it didn't for me.
Nevertheless, I will try again with your version tomorrow at work and keep the thread updated. Thanks.

On Monday, July 4, 2016 at 6:33:01 PM UTC+4, kaiser wrote:
>
> Your regex is ok.
>
> Worked for me.
>
> You can otherwise try:
>
> (?mi)Nom du compte : ([a-zA-Z0-9.-]{1,50})
>
> And for the second one you just need to capture Compte cible :D:
>
> (?mi)Compte cible : .*Nom du compte : ([a-zA-Z0-9.-]{1,50})
>
> @peluche
>
>
>
> On Monday, July 4, 2016 at 11:52:03 UTC+2, Zoizo wrote:
>>
>> Hello,
>>
>> I have been looking for a solution to my problem for several hours in vain, so
>> I'm posting here in hope you could help me.
>>
>> I have some logs that follow this scheme (it's in French):
>>
>>
>>
>> domain.name.com MSWinEventLog 1 Security 665240 Thu Jun 30 14:35:38 2016
>> 4724 Microsoft-Windows-Security-Auditing N/A N/A Success Audit
>> domain.name.com Gestion des comptes d’utilisateur Une tentative de
>> réinitialisation de mot de passe d’un compte a été effectuée. Sujet : ID de
>> sécurité : S-1-5-21-1519999410-1935793592-2975913076-1170 Nom du compte :
>> firstname.lastname Domaine du compte : DOMAIN123 ID d’ouverture de
>> session : 0x21CACB1 Compte cible : ID de sécurité :
>> S-1-5-21-1519999410-1935793592-2975913076-1650 Nom du compte :
>> firstname.lastname Domaine du compte : DOMAIN123 256107419
>>
>> I want to make a regex extractor that will return the value of
>> "firstname.lastname" after "Nom du compte : ". Since there are two "Nom du
>> compte : ", I will use a regex for each of them (and create two fields).
>>
>> I tried to extract the first one with this regex but it's not working
>> (regular expression did not match):
>>
>> Nom du compte : ([a-zA-Z0-9.-]{1,50})
>>
>> This regex works in a regex tester so I'm kind of lost here... Could anyone
>> provide an answer to this please?
>>
>> Also, my second question is: if I want to extract the second
>> "firstname.lastname", how would I change my regex to do so?
>>
>> Would really appreciate some help.
>>
>> Thanks!
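
An added example, not part of the original thread: a whitespace-tolerant version of the two extractions discussed above, run against constructed variants of a 4724 message in which the subject and target accounts differ. It assumes, without confirmation from the thread, that the forwarded message may carry tabs or no-break spaces around the colons; the account names, SIDs and the `extract_accounts` helper are constructed for illustration.

```python
import re

W = r"[ \t\u00a0]+"                   # space, tab or no-break space
SEP = r"[ \t\u00a0]*:[ \t\u00a0]*"    # colon with any of those around it
NAME = r"([a-zA-Z0-9.-]{1,50})"       # character class used in the thread
FIELD = "Nom" + W + "du" + W + "compte" + SEP + NAME

FLAGS = re.I | re.S
SUBJECT_RE = re.compile("Sujet" + SEP + ".*?" + FIELD, FLAGS)
TARGET_RE = re.compile("Compte" + W + "cible" + SEP + ".*?" + FIELD, FLAGS)

# Literal-space pattern from the thread, kept for comparison.
LITERAL = r"Nom du compte : ([a-zA-Z0-9.-]{1,50})"


def extract_accounts(message):
    """Return (subject_account, target_account); None where a block is absent."""
    t = TARGET_RE.search(message)
    # Search the subject only before "Compte cible", so a message without a
    # subject name never reports the target name as the subject.
    head = message[:t.start()] if t else message
    s = SUBJECT_RE.search(head)
    return (s.group(1) if s else None, t.group(1) if t else None)


# Constructed sample (hypothetical accounts and SIDs), single-space layout.
BASE = (
    "Une tentative de réinitialisation de mot de passe d’un compte a été "
    "effectuée. Sujet : ID de sécurité : S-1-5-21-0-0-0-1000 "
    "Nom du compte : alice.martin Domaine du compte : EXAMPLE "
    "Compte cible : ID de sécurité : S-1-5-21-0-0-0-1001 "
    "Nom du compte : bob.durand Domaine du compte : EXAMPLE"
)
# Same message with tabs after each colon, and with a no-break space before it.
TABBED = BASE.replace(" : ", " :\t\t")
NBSP = BASE.replace(" : ", "\u00a0: ")

if __name__ == "__main__":
    for label, msg in (("spaces", BASE), ("tabs", TABBED), ("nbsp", NBSP)):
        literal_hit = re.search(LITERAL, msg) is not None
        print(label, extract_accounts(msg), "literal pattern matches:", literal_hit)
```

The explicit character class is used instead of `\s` because regex engines differ on whether `\s` covers the no-break space.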