I would like to take the message section from windows event logs and be able to use the different areas to filter. Right now the message comes across as
"message": "An attempt was made to access an object.\n\nSubject:\n\tSecurity ID:\t\txxxxxxxxxxx\n\tAccount Name:\t\txxxxx\n\tAccount Domain:\t\txxxx\n\tLogon ID:\t\txxxxxx\n\nObject:\n\tObject Server:\tSecurity\n\tObject Type:\tFile\n\tObject Name:\tD:\USERS\xxxxxx\My Pictures\xxxx.jpg\n\tHandle ID:\xxxx\n\nProcess Information:\n\tProcess ID:\txxx\n\tProcess Name:\t\n\nAccess Request Information:\n\tAccesses:\tReadData (or ListDirectory)\n\t\t\t\t\n\tAccess Mask:\t0x1",
I would like to filter the access request information and access part of the message log.
Can anyone help me out with this?
It can be done. But you need to learn enough "markdown" to show what your message looks like. A simple posting will consume * (bold) and _ (newline) as if they were formatting, and \t and \n are not interpreted the way you expect.
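The message body quoted in the question has a regular shape: a one-line summary, then sections ("Subject:", "Object:", "Access Request Information:") at column 0, each followed by tab-indented "Field:<tab>value" lines, with "Accesses" allowed to run over several lines. The script below is an added example, not code from the original thread or from the Elastic stack; it shows the parsing logic you would otherwise express in an ingest pipeline or Logstash filter (kv, dissect or grok). The two sample messages are constructed, with the question's placeholder values replaced by invented ones, and the second one lists two access rights to show the multi-line case the question's message does not. The Access Mask decoding uses the standard Win32 file access right bits, so you can filter on the numeric mask as well as on the localized "Accesses" text.

```python
import re

# Standard Win32 file access right bits (ACCESS_MASK). Decoding the mask avoids
# depending on the localized, multi-line "Accesses" text.
FILE_ACCESS_BITS = {
    0x1: "ReadData", 0x2: "WriteData", 0x4: "AppendData",
    0x8: "ReadEA", 0x10: "WriteEA", 0x20: "Execute",
    0x40: "DeleteChild", 0x80: "ReadAttributes", 0x100: "WriteAttributes",
    0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}

# Constructed sample messages (not real log data). The first mirrors the layout
# of the question's message; the second has two access rights on separate lines.
SAMPLE_MESSAGES = [
    "An attempt was made to access an object.\n\n"
    "Subject:\n\tSecurity ID:\t\tS-1-5-21-1-2-3-1001\n\tAccount Name:\t\tjdoe\n"
    "\tAccount Domain:\t\tCORP\n\tLogon ID:\t\t0x3E7\n\n"
    "Object:\n\tObject Server:\tSecurity\n\tObject Type:\tFile\n"
    "\tObject Name:\tD:\\USERS\\jdoe\\My Pictures\\photo.jpg\n\tHandle ID:\t0x1a4\n\n"
    "Process Information:\n\tProcess ID:\t0x4d8\n\tProcess Name:\t\n\n"
    "Access Request Information:\n\tAccesses:\tReadData (or ListDirectory)\n\t\t\t\t\n"
    "\tAccess Mask:\t0x1",
    "An attempt was made to access an object.\n\n"
    "Subject:\n\tSecurity ID:\t\tS-1-5-21-1-2-3-1002\n\tAccount Name:\t\tsvc-backup\n"
    "\tAccount Domain:\t\tCORP\n\tLogon ID:\t\t0x5A1\n\n"
    "Object:\n\tObject Server:\tSecurity\n\tObject Type:\tFile\n"
    "\tObject Name:\tD:\\USERS\\jdoe\\Documents\\notes.txt\n\tHandle ID:\t0x2b0\n\n"
    "Process Information:\n\tProcess ID:\t0x7f0\n\tProcess Name:\tC:\\Windows\\explorer.exe\n\n"
    "Access Request Information:\n\tAccesses:\tReadData (or ListDirectory)\n"
    "\t\t\t\tWriteData (or AddFile)\n\t\t\t\t\n"
    "\tAccess Mask:\t0x3",
]

# "Field:" followed by tabs and the value; the field name stops at the first colon,
# so values such as "D:\USERS\..." keep their own colon.
FIELD_RE = re.compile(r"^([^:\t]+):\t*(.*)$")


def parse_event_message(message):
    """Split a Windows Security event message into {"summary", "sections": {section: {field: value}}}."""
    lines = message.split("\n")
    sections = {}
    section = None
    last_field = None
    for raw in lines[1:]:
        if not raw.strip():
            continue                      # blank separator line
        if not raw.startswith("\t"):
            section = raw.strip().rstrip(":")   # section header, e.g. "Subject:"
            sections[section] = {}
            last_field = None
            continue
        if section is None:
            continue                      # indented text before any header: ignore
        stripped = raw.strip()
        m = FIELD_RE.match(stripped)
        if m:
            last_field = m.group(1).strip()
            sections[section][last_field] = m.group(2).strip()
        elif last_field is not None:
            # continuation line: a second access right under "Accesses"
            prev = sections[section][last_field]
            sections[section][last_field] = (prev + "\n" + stripped).strip()
    return {"summary": lines[0].strip(), "sections": sections}


def accesses(event):
    """List the individual rights named under Access Request Information / Accesses."""
    text = event["sections"].get("Access Request Information", {}).get("Accesses", "")
    return [line.strip() for line in text.split("\n") if line.strip()]


def decode_access_mask(mask):
    """Turn a hex Access Mask string such as '0x3' into right names."""
    value = int(mask, 16)
    return [name for bit, name in sorted(FILE_ACCESS_BITS.items()) if value & bit]


def filter_events(messages, right):
    """Return the parsed events whose Accesses include the named right, e.g. 'WriteData'."""
    hits = []
    for msg in messages:
        ev = parse_event_message(msg)
        if any(a.startswith(right) for a in accesses(ev)):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in filter_events(SAMPLE_MESSAGES, "WriteData"):
        s = ev["sections"]
        print(s["Subject"]["Account Name"], s["Object"]["Object Name"], accesses(ev),
              decode_access_mask(s["Access Request Information"]["Access Mask"]))
```

Once the sections are split out this way, each field becomes its own document field (for example `winlog.access_request.accesses` or whatever naming you choose), and the filter in the question is a plain term query on that field instead of a substring search over the whole message.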