I'm searching on Windows Security Auditing logs and the SecurityID field but when I do, I'm realizing that there is a section for Subject and Target Account. I want to be able to extract each into its own unique field so I can search on one or the other. Here's a sample event log. Right now, both account1 and account2 would be in a field called SecurityID and I need to split the two. Thanks!