I need to extract the account name from this snippet of a Windows security event log:
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Joe User
Account Domain: Some.Domain
This is the expression I'm using:
rex "Failed:\s+.*\s+Account\sName:\s+(?\S+)\s"
Which gives me this result:
TargetAccount
Joe
How do I account for the white space to get the rest of the account name to show up in the result?
↧