Hello
I am trying to get filename (name.exe) from a full path (dir + filename) from windows folders, ex:
C:\dir1\dir2\filename.ext
using code as below:
index = os_sysmon NOT Image="*Sysmon*" EventCode=1
| rex field=Image "Executable=(?P<Executable>[^\\\]+)$"
| table Image Executable
Problem:
Executable always empty
Can you please advise?
best regards
Altin
