Splunk Enterprise

How to write this regex to get SecurityID value?

sbhatnagar88
Path Finder

 

Can someone help me with a regex to get the SecurityID value (in bold) in Target Account? Below is a sample.

**Event in Text form**

03/23/2022 03:20:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4738 EventType=0 Type=Information ComputerName=FRDPLIDC1.emea.loreal.intra TaskCategory=User Account Management OpCode=Info RecordNumber=386009504 Keywords=Audit Success Message=A user account was changed.

Subject: Security ID: EMEA\romain.pruneaux-adm Account Name: romain.pruneaux-adm Account Domain: EMEA Logon ID: 0x31BBDCF0

Target Account: Security ID: EMEA\frclichyloftvcL05.01 Account Name: frclichyloftvcL05.01 Account Domain: EMEA


ITWhisperer
SplunkTrust
Target Account:\s+Security ID:\s+(?<securityId>\S+)


sbhatnagar88
Path Finder

@ITWhisperer  - Thank you, didn't realize that was so simple..

0 Karma
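Added example, not part of the original thread: it runs the answer's pattern verbatim in JavaScript (which accepts the same `(?<name>...)` group syntax) to show that anchoring on "Target Account:" skips the Subject block's Security ID, and that `\S+` stops at the first space in a value. The sample events, the `EXAMPLE` names, `extractTargetSid` and the `LABEL_BOUND_RE` variant are constructed for illustration and are assumptions, not something the answer proposed.

```javascript
// Pattern from the answer, verbatim. Anchoring on "Target Account:" skips the
// earlier "Security ID:" that belongs to the Subject block.
const ANSWER_RE = /Target Account:\s+Security ID:\s+(?<securityId>\S+)/;

// Assumed variant (not from the thread): capture lazily up to the next field
// label, so a value that contains a space is not cut at that space.
const LABEL_BOUND_RE =
  /Target Account:\s+Security ID:\s+(?<securityId>.+?)\s+Account Name:/;

// Returns the Target Account Security ID, or null when the block is absent.
function extractTargetSid(raw, re = ANSWER_RE) {
  const m = re.exec(raw);
  return m ? m.groups.securityId : null;
}

// Constructed 4738 message, flattened onto one line as in the question.
const flat =
  "Message=A user account was changed. " +
  "Subject: Security ID: EXAMPLE\\admin.user Account Name: admin.user " +
  "Account Domain: EXAMPLE Logon ID: 0x1A2B3C " +
  "Target Account: Security ID: EXAMPLE\\target.user01 " +
  "Account Name: target.user01 Account Domain: EXAMPLE";

// Constructed: same fields with tabs and line breaks between label and value.
const multiline = [
  "Subject:",
  "\tSecurity ID:\t\tEXAMPLE\\admin.user",
  "\tAccount Name:\t\tadmin.user",
  "Target Account:",
  "\tSecurity ID:\t\tEXAMPLE\\target.user01",
  "\tAccount Name:\t\ttarget.user01",
].join("\r\n");

// Constructed edge case: the account name itself contains a space.
const spaced =
  "Target Account: Security ID: EXAMPLE\\svc backup " +
  "Account Name: svc backup Account Domain: EXAMPLE";

// Constructed: an event with a Subject block only.
const subjectOnly =
  "Subject: Security ID: EXAMPLE\\admin.user Account Name: admin.user";

console.log(extractTargetSid(flat));
console.log(extractTargetSid(multiline));
console.log(extractTargetSid(spaced));                 // truncated at the space
console.log(extractTargetSid(spaced, LABEL_BOUND_RE)); // full value
console.log(extractTargetSid(subjectOnly));            // null
```

The label-bounded variant assumes "Account Name:" always follows the Security ID in the Target Account block, as it does in the sample event in the question.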