Hi Splunkers,
With the Splunk Active Directory logs, Splunk parses the event as though there's no difference between the actor and the target of a critical event like a new account being created. How can I give a different name to the targeted account? Is there any way other than regex?
Attaching a screenshot. TIA
Hi @revanthammineni,
no, regex is the only way to extract that kind of data.
Anyway, I had many problems with regexes, but when I learned to use them a new world opened up for me, so I recommend that you work hard to learn how to use regexes.
Ciao.
Giuseppe
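As an added illustration of the regex approach the answer recommends (this is example code, not part of the original thread or of Splunk), the script below takes the event text of a Windows Security event such as 4720 (user account created) and names the two "Account Name" values by the section they appear in: the "Subject:" section is the actor, and the "New Account:" or "Target Account:" section is the account acted upon. Anchoring on the section titles is safer than taking "the first and second Account Name", which silently shifts if a section is absent. The sample events, the SIDs and the account names are constructed for this example; the field names src_user/user mirror the common Splunk naming convention but are only an assumption here.

```python
import re

# Constructed sample of Windows Security event 4720 (user account created),
# laid out the way the event text appears in Splunk. All values are made up.
SAMPLE_4720 = """\
A user account was created.

Subject:
\tSecurity ID:\t\tS-1-5-21-1111111111-2222222222-3333333333-1104
\tAccount Name:\t\tjdoe
\tAccount Domain:\t\tCORP
\tLogon ID:\t\t0x3E7

New Account:
\tSecurity ID:\t\tS-1-5-21-1111111111-2222222222-3333333333-1205
\tAccount Name:\t\tsvc_backup
\tAccount Domain:\t\tCORP

Attributes:
\tSAM Account Name:\tsvc_backup
\tDisplay Name:\t\tBackup Service
\tUser Principal Name:\tsvc_backup@corp.example
"""

# Constructed sample of event 4726 (user account deleted); its second
# section is titled "Target Account:" rather than "New Account:".
SAMPLE_4726 = """\
A user account was deleted.

Subject:
\tSecurity ID:\t\tS-1-5-21-1111111111-2222222222-3333333333-500
\tAccount Name:\t\tAdministrator
\tAccount Domain:\t\tCORP
\tLogon ID:\t\t0x5A2F1

Target Account:
\tSecurity ID:\t\tS-1-5-21-1111111111-2222222222-3333333333-1205
\tAccount Name:\t\tsvc_backup
\tAccount Domain:\t\tCORP
"""

# A section header is an unindented line ending in ":" (e.g. "Subject:").
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z ]*):[ \t]*$", re.MULTILINE)
# A field is an indented "Key:<whitespace>Value" line inside a section.
FIELD_RE = re.compile(r"^[ \t]+(?P<key>[^:\n]+):[ \t]*(?P<value>.*?)[ \t]*$", re.MULTILINE)

# Section titles Windows uses for the account being acted upon.
TARGET_SECTIONS = ("New Account", "Target Account")


def split_sections(event_text):
    """Return {section name: {field key: value}} for a Windows event body."""
    sections = {}
    headers = list(SECTION_RE.finditer(event_text))
    for i, h in enumerate(headers):
        start = h.end()
        end = headers[i + 1].start() if i + 1 < len(headers) else len(event_text)
        body = event_text[start:end]
        sections[h.group("name")] = {
            f.group("key").strip(): f.group("value") for f in FIELD_RE.finditer(body)
        }
    return sections


def extract_actor_and_target(event_text):
    """Label the two 'Account Name' values by section.

    src_user/src_user_domain come from "Subject:" (the actor);
    user/user_domain come from "New Account:" or "Target Account:".
    Missing sections yield None instead of a mislabelled value.
    """
    sections = split_sections(event_text)
    subject = sections.get("Subject", {})
    target = next((sections[n] for n in TARGET_SECTIONS if n in sections), {})
    return {
        "src_user": subject.get("Account Name"),
        "src_user_domain": subject.get("Account Domain"),
        "user": target.get("Account Name"),
        "user_domain": target.get("Account Domain"),
    }


# The same idea expressed as search-time SPL (assumed equivalent, not tested
# here): anchor each rex on the section title, not on field order.
#   ... | rex "Subject:\s+Security ID:\s+\S+\s+Account Name:\s+(?<src_user>\S+)"
#       | rex "(?:New|Target) Account:\s+Security ID:\s+\S+\s+Account Name:\s+(?<user>\S+)"

if __name__ == "__main__":
    for sample in (SAMPLE_4720, SAMPLE_4726):
        print(extract_actor_and_target(sample))
```

Run it and each sample prints the actor under src_user and the created or deleted account under user; feeding it an event with no "Subject:" section returns None for the actor rather than promoting the target into that slot.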