I need to extract the account name from this snippet of a Windows security event log:
Account For Which Logon Failed: Security ID: NULL SID Account Name: Joe User Account Domain: Some.Domain
This is the expression I'm using:
Which gives me this result:
How do I account for the white space to get the rest of the account name to show up in the result?