RegExLib.com - The first Regular Expression Library on the Web!


Expressions by User

Title: Splunk Win Security EventLog Type Filtering
Expression
=(?m)^(LogName=(Security).*)\n(SourceName=.*)\n(EventCode=.*)\n(EventType=.*)\n(Type=(Success Audit|Information).*)\n(ComputerName=(HOSTNAME1|HOSTNAME2|HOSTNAME3).*)\n
Description
Regular expression used by a Splunk Forwarder in transforms.conf to select Windows Security events from a specified list of hostnames. Please note that the matching examples do not show the newlines between each name=value pair. These newlines are present in the input data, so they are included in the expression as \n.
Matches
01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=InformationComputerName=HOSTNAME1User=SYSTEMSid=S-1-5-18SidType=1
01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=Success AuditComputerName=HOSTNAME1User=SYSTEMSid=S-1-5-18SidType=1
01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=InformationComputerName=HOSTNAME3.domain.comUser=SYSTEMSid=S-1-5-18SidType=1
Non-Matches
01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=Failure AuditComputerName=HOSTNAME1User=SYSTEMSid=S-1-5-18SidType=1
01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=InformationComputerName=HOSTNAME6User=SYSTEMSid=S-1-5-18SidType=1
01/30/13 04:02:41 PMLogName=SecuritySourceName=SecurityEventCode=529EventType=16Type=Success AuditComputerName=HOSTNAME3User=SYSTEMSid=S-1-5-18SidType=1
Author: Neil Battersby
Rating: Not yet rated.
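
Added example (not part of the original entry): a Python harness that restores the newlines between name=value pairs and runs the expression over constructed events. It assumes the leading "=" belongs to the surrounding "REGEX =" setting and drops it. STRICT is a hypothetical tighter variant showing that the trailing ".*" after the hostname list makes the filter a prefix match.

```python
import re

# Shared head of the page's expression, without the leading "=" (assumption:
# that character is the tail of "REGEX =" in transforms.conf, not the pattern).
HEAD = (
    r"(?m)^(LogName=(Security).*)\n(SourceName=.*)\n(EventCode=.*)\n"
    r"(EventType=.*)\n(Type=(Success Audit|Information).*)\n"
)
HOSTS = "HOSTNAME1|HOSTNAME2|HOSTNAME3"

# Expression as published: any ComputerName that STARTS with a listed name.
PAGE = re.compile(HEAD + rf"(ComputerName=({HOSTS}).*)\n")
# Hypothetical stricter variant: listed name, optionally followed by ".domain".
STRICT = re.compile(HEAD + rf"(ComputerName=({HOSTS})(\.[^\n]*)?)\n")


def make_event(event_type, computer):
    """Constructed sample event with one name=value pair per line."""
    return "\n".join([
        "01/30/13 04:02:41 PM",
        "LogName=Security",
        "SourceName=Security",
        "EventCode=529",
        "EventType=16",
        f"Type={event_type}",
        f"ComputerName={computer}",
        "User=SYSTEM",
        "Sid=S-1-5-18",
        "SidType=1",
    ]) + "\n"


def selected(pattern, event):
    """True when the transform's expression would select this event."""
    return pattern.search(event) is not None


if __name__ == "__main__":
    for etype, host in [
        ("Information", "HOSTNAME1"),
        ("Failure Audit", "HOSTNAME1"),
        ("Information", "HOSTNAME6"),
        ("Information", "HOSTNAME3.domain.com"),
        ("Information", "HOSTNAME10"),  # not listed, but shares a prefix
    ]:
        ev = make_event(etype, host)
        print(f"{etype:14} {host:22} page={selected(PAGE, ev)} "
              f"strict={selected(STRICT, ev)}")
```

An event flattened onto one line, as displayed in the Matches list, is not selected by either pattern because the "\n" separators are required.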
