Hi,

I have a field called ObjectD which is always different for each event. But in this field, there is always a character chain which begins with OU= and DC=.

Example: OU=Admin, OU=toto, OU=Utilsateur, DC=abc, DC=def

I need to filter the events where OU=Admin or OU=Utilisateurs and DC=abc.

So I am doing this in my search after the stats:

| where match(ObjectD,"OU=Admin|OU=Utilisateurs),DC=abc")

But it returns anything.

I also need to create a new field with the name of the OU, but because the first clause doesn't work the rex command doesn't work either.

Here is my rex:

| rex field=ObjectD "^[^=]+=[^=]+=(?<OU>[^,]+)"

Could you help please?
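An added example, not part of the original post: the posted pattern has a ")" with no matching "(", and it also expects ",DC=abc" directly after the OU, while the sample value has spaces and other components in between. The sketch below checks each component separately and collects every OU value. It assumes Python's `re` in place of Splunk's regex engine (a named group in `rex` is written `(?<OU>...)`); the function names and sample values are constructed for illustration.

```python
import re

# Pattern as posted in the question: the ")" has no matching "(".
POSTED = r"OU=Admin|OU=Utilisateurs),DC=abc"

# Each component is tested on its own and anchored to the start of the
# value or to a comma, so "OU=Admin" does not match "OU=Administrators".
OU_WANTED = re.compile(r"(?:^|,)\s*OU=(?:Admin|Utilisateurs)\s*(?:,|$)")
DC_WANTED = re.compile(r"(?:^|,)\s*DC=abc\s*(?:,|$)")
# Captures the value of every OU= component, in order.
OU_VALUES = re.compile(r"(?:^|,)\s*OU=([^,]+)")


def posted_pattern_compiles():
    """Return False if the posted pattern is rejected as invalid."""
    try:
        re.compile(POSTED)
        return True
    except re.error:
        return False


def keep_event(object_d):
    """True when the value has a wanted OU and DC=abc, in any position."""
    return bool(OU_WANTED.search(object_d) and DC_WANTED.search(object_d))


def ou_names(object_d):
    """List every OU value found in the field."""
    return [value.strip() for value in OU_VALUES.findall(object_d)]


# Constructed sample ObjectD values (assumptions, not real events).
SAMPLES = [
    "OU=Admin, OU=toto, OU=Utilisateurs, DC=abc, DC=def",
    "OU=Administrators, OU=toto, DC=abc, DC=def",
    "OU=Admin, OU=toto, DC=xyz, DC=def",
]

if __name__ == "__main__":
    print("posted pattern compiles:", posted_pattern_compiles())
    for sample in SAMPLES:
        print(keep_event(sample), ou_names(sample), sample)
```
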