Splunk Enterprise

How to write this regex o get SecurityID value?

sbhatnagar88
Path Finder

 

Can some one help me with Regex to get SecurityID value (in Bold) in Target Account.  Below is sample.rex.PNG

**Event in Text form***

03/23/2022 03:20:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4738 EventType=0 Type=Information ComputerName=FRDPLIDC1.emea.loreal.intra TaskCategory=User Account Management OpCode=Info RecordNumber=386009504 Keywords=Audit Success Message=A user account was changed.

Subject: Security ID: EMEA\romain.pruneaux-adm Account Name: romain.pruneaux-adm Account Domain: EMEA Logon ID: 0x31BBDCF0

Target Account: Security ID: EMEA\frclichyloftvcL05.01 Account Name: frclichyloftvcL05.01 Account Domain: EMEA

Labels (1)
Tags (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
Target Account:\s+Security ID:\s+(?<securityId>\S+)

View solution in original post

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
Target Account:\s+Security ID:\s+(?<securityId>\S+)
0 Karma

sbhatnagar88
Path Finder

@ITWhisperer  - Thank you, didn't realize that was so simple..

0 Karma
Get Updates on the Splunk Community!

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco &#43; Splunk! We’ve ...