how to get domain name, domain user name from acti...

seetharamanPr · ‎11-22-2016

how to get domain name, domain user name from active directory logs

11/22/2016 04:15:20 PM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4634
EventType=0
Type=Information
ComputerName=RIYSVSYM-006.KAMC-RD.ngha.med
TaskCategory=Logoff
OpCode=Info
RecordNumber=23190529
Keywords=Audit Success
Message=An account was logged off.

Subject:
Security ID: KAMC-RD\Binshbreenab
Account Name: Binshbreenab
Account Domain: KAMC-RD
Logon ID: 0x322998008

Logon Type: 3

Regards
Pradeep

gcusello · ‎11-22-2016

Hi seetharamanPr,
your regex is (?ms)Account Name:\s(?<Name>\w*)\nAccount Domain:\s(?<Domain>.*)\nLogon\sID:\s(?<Logon_ID>\w*)
as you can see at https://regex101.com/r/Wmrdhy/1
Bye.
Giuseppe

how to get domain name, domain user name from active directory logs

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!