
Windows Event Logs groupby Account name

Hello,
In Windows Event Logs, the Account Name is in the message and is not considered a variable. How can I make a "search" to have a result with the Account Name?
e.g.
logtype="Windows Event Logs" and eventid="4625" and type CONTAINS "Security" groupby Account Name
Thanks for your help.

Replies (1)

Hi,

You may make use of derived field support option in Applogs by adding a RegEx rule to the message data to extract the necessary information.

Please go through this document to know how to configure.

Regards,

Jenzo

Site24x7

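An added example, not part of the original thread and not Site24x7's own code: the kind of regular expression the reply describes, demonstrated with Python's `re` module on constructed event 4625 messages. It assumes the English-language message layout, in which "Account Name:" appears twice, so the pattern is anchored on the "Account For Which Logon Failed:" block. The function names are hypothetical, and how the pattern is entered as a derived field in AppLogs is not shown here.

```python
import re
from collections import Counter

# A 4625 message has two "Account Name:" lines. The first sits under "Subject:"
# (the caller, often "-" or a machine account); the second, under
# "Account For Which Logon Failed:", is the account that was targeted.
NAIVE = re.compile(r"Account Name:[ \t]*([^\r\n]*)")
TARGET = re.compile(
    r"Account For Which Logon Failed:.*?Account Name:[ \t]*([^\r\n]*)",
    re.DOTALL,
)

def make_message(subject, target):
    """Constructed sample in the English 4625 message layout (abridged)."""
    return (
        "An account failed to log on.\r\n\r\n"
        "Subject:\r\n"
        "\tSecurity ID:\t\tNULL SID\r\n"
        f"\tAccount Name:\t\t{subject}\r\n"
        "\tAccount Domain:\t\tEXAMPLE\r\n\r\n"
        "Logon Type:\t\t\t3\r\n\r\n"
        "Account For Which Logon Failed:\r\n"
        "\tSecurity ID:\t\tNULL SID\r\n"
        f"\tAccount Name:\t\t{target}\r\n"
        "\tAccount Domain:\t\tEXAMPLE\r\n"
    )

def extract(pattern, message):
    """Return the captured account name, or None when the pattern misses."""
    m = pattern.search(message)
    return m.group(1).strip() if m else None

def group_failed_logons(messages, pattern=TARGET):
    """Count messages per extracted account, case-insensitively."""
    counts = Counter()
    for msg in messages:
        name = extract(pattern, msg)
        counts[name.lower() if name else "<unparsed>"] += 1
    return counts

# Constructed sample data, not taken from a real log.
SAMPLE = [
    make_message("-", "administrator"),
    make_message("WEB01$", "Administrator"),
    make_message("-", "administrator"),
    make_message("WEB01$", "svc backup"),
]

if __name__ == "__main__":
    print("naive :", dict(group_failed_logons(SAMPLE, NAIVE)))
    print("target:", dict(group_failed_logons(SAMPLE, TARGET)))
```

The unanchored pattern groups these failures under the Subject values (`-` and `web01$`), while the anchored one groups them under the accounts that failed to log on.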