I am new to Sumo Logic and am trying to understand how to use the parse regex operator. I would like to be able to parse variable information but am having trouble understanding the expressions to use and what each symbol signifies. I'm fairly new to coding as well, so I'm not sure if Sumo Logic is based off another language that I can look up and study, but it would be appreciated if someone could point me in the right direction of where to find a breakdown of expressions. I think having a good grasp of Regex will be very useful for future queries so any help is appreciated! An example of something I would like to Regex would be the account name of the user that failed to login.
Computer = "AWSSouth-ADFS02.fakedomain.local";
EventCode = 4625;
EventIdentifier = 4625;
Logfile = "Security";
RecordNumber = 3069646;
SourceName = "Microsoft-Windows-Security-Auditing";
TimeGenerated = "20170930124836.000000-000";
TimeWritten = "20170930124836.000000-000";
Type = "Audit Failure";
EventType = 5;
Category = 12544;
CategoryString = "Logon";
Message = "An account failed to log on.
Security ID: S-1-5-21-1074439237-558803454-2912513782-17121
Account Name: svc-adfs
Account Domain: FDOMAIN
Logon ID: 0x15BC79
Logon Type: 3
Account For Which Logon Failed:
Security ID: S-1-0-0
Account Name: email@example.com
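The regex point in this event, as an added example that is not part of the original post: a 4625 event carries two "Account Name:" lines, and a pattern that simply matches the first one returns the Subject account (the account that requested the logon, here svc-adfs), not the account whose logon failed. The script below anchors on the "Account For Which Logon Failed:" block first. Sumo Logic's parse regex writes named capture groups as `(?<name>...)`; Python spells the same group `(?P<name>...)`, so the patterns carry over with that one change. The sample text and the Sumo Logic query in the comment are constructed from the event quoted above.

```python
import re

# Constructed sample: the Security event 4625 message text quoted in the question.
EVENT_4625 = """An account failed to log on.
Security ID: S-1-5-21-1074439237-558803454-2912513782-17121
Account Name: svc-adfs
Account Domain: FDOMAIN
Logon ID: 0x15BC79
Logon Type: 3
Account For Which Logon Failed:
Security ID: S-1-0-0
Account Name: email@example.com
"""

# Symbols used below:
#   \s*       any run of whitespace after the colon
#   \S+       one or more non-whitespace characters, i.e. the value up to end of line
#   \d+       one or more digits
#   [\s\S]*?  any characters, newlines included, as few as possible (lazy)
#   (?P<x>…)  named capture group; becomes the field name in the result
NAIVE = re.compile(r"Account Name:\s*(?P<account>\S+)")
# Equivalent Sumo Logic operator (assumed form, not taken from the page):
#   | parse regex "Account For Which Logon Failed:[\s\S]*?Account Name:\s*(?<failed_account>\S+)"
FAILED = re.compile(r"Account For Which Logon Failed:[\s\S]*?Account Name:\s*(?P<account>\S+)")
FIELDS = {
    "subject_account": re.compile(r"Account Name:\s*(?P<v>\S+)"),
    "subject_domain": re.compile(r"Account Domain:\s*(?P<v>\S+)"),
    "logon_type": re.compile(r"Logon Type:\s*(?P<v>\d+)"),
}


def first_account_name(event: str):
    """What the naive pattern yields: the Subject account, not the failing one."""
    m = NAIVE.search(event)
    return m.group("account") if m else None


def failed_logon_account(event: str):
    """The account for which the logon actually failed."""
    m = FAILED.search(event)
    return m.group("account") if m else None


def parse_failed_logon(event: str) -> dict:
    """Pull the fields a failed-logon detection would key on into one dict."""
    out = {}
    for key, pat in FIELDS.items():
        m = pat.search(event)
        out[key] = m.group("v") if m else None
    out["failed_account"] = failed_logon_account(event)
    return out


if __name__ == "__main__":
    print(first_account_name(EVENT_4625))   # svc-adfs (the wrong account)
    print(parse_failed_logon(EVENT_4625))
```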