I am trying to filter messages coming in from my Windows event log, but the filter does not appear to be working. What do I need to do to make the filtering work for these types of messages? The regular expression I am trying to use is .*Google Update.*, which I have tested in regexpal, and it finds the line in the message, so I am confused why these messages still show up in Sumo Logic.
Here is an example log message:
ComputerName = "XXXXXXXX";
EventIdentifier = 7036;
EventType = Information;
Logfile = "System";
Message = "The Google Update Service (gupdate) service entered the running state.
RecordNumber = 138916;
SourceName = "Service Control Manager";
TimeGenerated = "20130226235600.000000-000";
TimeWritten = "20130226235600.000000-000";