Regular Expressions 101

Community Patterns

Splunk field extract for Cisco SEC_LOGIN event logs

0

Regular Expression
Python

r"
^.*SEC_LOGIN-\d-LOGIN_\w+: Login (?P<Cisco_SEC_LOGIN_Result>[^\s]+) \[user: (?P<Cisco_SEC_LOGIN_User>[^\s]*)\] \[Source: (?P<Cisco_SEC_LOGIN_SrcIP>[^\]]+)\] .+
"
g

Description

no description available

Submitted by jasont91@gmail.com - 7 years ago