Thanks @tmacgbay this worked very good, had to share
rule "Graylog Web Access User Convert"
when
contains(to_string($message.message),"UID=")
then
let robin = to_string($message.message);
let batman = replace(robin, "1914600003", "cat.women");
let batman = replace(robin, "100100110010011001001", "tad.sherrill");
let batman = replace(robin, "987324e32874ff32892b2829", "gsmith");
// changed the number of digits count to be required between 6 and 10 {6,10}
let batman = regex_replace("(?<=UID\\=)(?>\\d{6,10})",robin,"USER_NOT_FOUND",false);
set_field("message",batman);
end