Difficulties applying extractors using regex

Hello @gsmith

Let me explain it better to you.

Curious about this statement,

I don’t know if you remember, I have opened a topic before.


And you even helped me to better understand my choices. Anyway, the “logs” that I’m talking about are literally data that I extract from MSSQL tables. Long story short, I need to get better security event data from a DLP solution, and the only way I was able to do that is this “dirty way”, let’s say.

Following the ideas that you and many others have explained to me, I started to write a PowerShell script to dump that database data into a file and let Filebeat ship it to Graylog.

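```powershell
# Connection settings (dummy values)
$SQLServer = "\server"
$db = "dummy_data"
$user = "dummyuser"
$pass = "dummypass"   # renamed from $pwd, which is a PowerShell automatic variable (current directory)

# Latest 5 rows from the DLP view (the column list was missing; * returns every column of the view)
$selectdata = "SELECT TOP 5 *
  FROM [dummy_data].[pbi].[data_security_view] ORDER BY date_time DESC"
$dump = Invoke-Sqlcmd -ServerInstance $SQLServer -Username $user -Password $pass -Database $db -Query $selectdata

# Append one key=value line per row to the file that Filebeat ships
for ($count = 0; $count -lt $dump.Count; $count++) {
    echo "$("pc_name="+$dump[$count].pc_name) $("user_name="+$dump[$count].user_name) $("file_name="+$dump[$count].file_name) $("operation="+$dump[$count].operation)" >> "C:\Program Files\Management Console\Logs\dummy_logs.log"
}
```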

I know this is not pretty, but it’s a start. As you can see in my ugly code, after I perform a select I dump the output into a text file, and the file looks like this.

So, it’s basically that.
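An added example, not part of the original post: one single-group regex per field for the `key=value` line the script above writes, compared with a naive `\S+` pattern that cuts values at the first space. It is written in Python so the patterns can be tested offline; the sample lines and the helper names (`field_pattern`, `extract`, `naive_extract`) are constructed for illustration.

```python
import re

# Keys in the order the PowerShell script writes them.
KEYS = ("pc_name", "user_name", "file_name", "operation")

def field_pattern(key):
    """One capture group for `key`: the value runs lazily up to the next
    known key (or end of line), so spaces inside the value are kept."""
    others = "|".join(re.escape(k) for k in KEYS if k != key)
    return re.compile(
        rf"(?:^|\s){re.escape(key)}=(.*?)(?=\s+(?:{others})=|\s*$)"
    )

PATTERNS = {k: field_pattern(k) for k in KEYS}

def extract(line):
    """Apply every per-field pattern; missing keys are simply absent."""
    out = {}
    for key, pat in PATTERNS.items():
        m = pat.search(line)
        if m:
            out[key] = m.group(1)
    return out

def naive_extract(line):
    """Common first attempt: the value stops at the first whitespace."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

# Constructed sample lines in the format the script appends to the log file.
SAMPLE = [
    r"pc_name=WS-0142 user_name=jdoe file_name=C:\Users\jdoe\Documents\Q3 payroll export.xlsx operation=Copy to USB",
    r"pc_name=WS-0007 user_name= file_name=notes.txt operation=Delete",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print("naive :", naive_extract(line))
        print("keyed :", extract(line))
```

The keyed patterns still misparse a value that itself contains ` operation=` or another key name; quoting the values when writing the file removes that ambiguity.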