RegExLib.com - The first Regular Expression Library on the Web!

Please support RegExLib Sponsors

Sponsors

Regular Expression Details

Title Test Find Splunk Win Security EventLog Type Filtering
Expression
=(?m)^(LogName=(Security).*)\n(SourceName=.*)\n(EventCode=.*)\n(EventType=.*)\n(Type=(Success Audit|Information).*)\n(ComputerName=(HOSTNAME1|HOSTNAME2|HOSTNAME3).*)\n
Description
RE used by Splunk Forwarder in transforms.conf to select Win Security events from specified list of hostnames. Please note that matching examples do not show newlines between each name=value pair. These newlines are present in the RE input data and so are included in the RE as \n
Matches
01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=InformationComputerName=HOSTNAME1User=SYSTEMSid=S-1-5-18SidType=1 | 01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=Success AuditComputerName=HOSTNAME1User=SYSTEMSid=S-1-5-18SidType=1 | 01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=InformationComputerName=HOSTNAME3.domain.comUser=SYSTEMSid=S-1-5-18SidType=1
Non-Matches
01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=Failure AuditComputerName=HOSTNAME1User=SYSTEMSid=S-1-5-18SidType=1 | 01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=InformationComputerName=HOSTNAME6User=SYSTEMSid=S-1-5-18SidType=1 | 01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=Success AuditComputerName=HOSTNAME3User=SYSTEMSid=S-1-5-18SidType=1
Author Rating: Not yet rated. Neil Battersby
Source
Your Rating
Bad Good

Enter New Comment

Title

Name

Comment

Spammers suck - we apologize. Please enter the text shown below to enable your comment (not case sensitive - try as many times as you need to if the first ones are too hard):

Existing User Comments

Copyright © 2001-2025, RegexAdvice.com | ASP.NET Tutorials