I want to remove a lot of rows in the Windows event log.
I tested it on EventCode=4624 - successful login
02/01/2018 09:56:03 AM
LogName=Security
SourceName=Microsoft Windows security auditing.
EventCode=4624
EventType=0
Type=Information
ComputerName=COMPUTER1
TaskCategory=Logon
OpCode=Info
RecordNumber=1072237543
Keywords=Audit Success ...
but I cannot get it working. I want to use SEDCMD, but before that I tried it in search with the rex command in sed mode, but something like this:
rex mode=sed "s/(?!Type=\w+).+//g"
got me only one letter "T" as below:
T
What am I doing wrong?
Maybe I should use transforms instead?