I am having an issue trying to get the group name for Windows security event ID 4765. I am a little new to using regex, so I am not sure why it is not working. I used http://regex101.com to help build the regex and it seemed to work. But when I went to run it in Splunk I didn't get any results.
04/19/2018 01:21:15 PM
SourceName=Microsoft Windows security auditing.
TaskCategory=Security Group Management
Message=A member was added to a security-enabled universal group.