Hi,
I have the following event:
017/09/25 10:58:57 Client logging in as robertE on DB1...
Connect to Oracle failed:
ORA-01017: invalid username/password; logon denied
ERROR:User login failed!
I am ok to extract the username via regex:
` ... | rex field=_raw "Client logging in as "(?\w+)`
but how do I also match the "failed" word in the 2nd line in order to differentiate successful & failed logons?
Thanks! :)
↧