I want to parse Account Name field in Windows Security Logs. So i was try to parse with Grok patterns and also regular expression but i failed. If anyone can help me about it, i will be so appreciative.
test…local WIN-NXLOG 2022-06-02 12:01:38;“AUDIT_FAILURE”;“ERROR”;“Security”;“test…local”;4625;“Microsoft-Windows-Security-Auditing”;“-”;“-”;“-”;"An account failed to log on. Subject: Security ID: S-1-5-18 Account Name: test$ Account Domain: test Logon ID: 0x3E7 Logon Type: 3 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: parse_account Account Domain: test