
Item Preprocessing with Regex

  • All videos are Copyright © 2019-2025 Sean Bradley, all rights reserved.

Description

In this lecture, I add a pre-processing step to the item that instructs the agent to read the Windows failed logon events.

The regular expressions demonstrated in this video are:

  • Regex: (.*)
    Output: \0
    Description: Returns only the first line of the complete failed logon event text.
  • Regex: Account Name:\t\t(.*)
    Output: \1
    Description: Returns the 1st occurrence of the Account Name in the log text that created the event.
  • Regex: Account Name:(.|\n)*\tAccount Name:\t\t(.*)
    Output: \2
    Description: Returns the 2nd occurrence of the Account Name in the log that created the event.
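
The three patterns listed above, applied to a failed logon message, as an added example that is not taken from the lecture. The event text, host and account names are constructed, `regex_step` is a hypothetical stand-in for a pattern-plus-output preprocessing step, and treating a non-match as a failed step is an assumption.

```python
import re

# Constructed sample of a Windows failed logon message body (not real data).
# Fields are tab-indented and separated from their values by two tabs.
EVENT = (
    "An account failed to log on.\n"
    "\n"
    "Subject:\n"
    "\tSecurity ID:\t\tS-1-5-18\n"
    "\tAccount Name:\t\tWEBSRV01$\n"
    "\tAccount Domain:\t\tWORKGROUP\n"
    "\n"
    "Account For Which Logon Failed:\n"
    "\tSecurity ID:\t\tS-1-0-0\n"
    "\tAccount Name:\t\tadministrator\n"
    "\tAccount Domain:\t\tWEBSRV01\n"
)

# The three pattern/output pairs from the list above.
STEPS = {
    "first_line": (r"(.*)", r"\0"),
    "first_account": (r"Account Name:\t\t(.*)", r"\1"),
    # (.|\n)* is greedy, so this lands on the last "Account Name:" field,
    # which is the 2nd one when the message contains exactly two.
    "second_account": (r"Account Name:(.|\n)*\tAccount Name:\t\t(.*)", r"\2"),
}


def regex_step(value, pattern, output):
    """Hypothetical helper: search for pattern, then expand \\0..\\9 in output."""
    match = re.search(pattern, value)
    if match is None:
        # Assumption: a pattern that does not match fails the step.
        raise ValueError("pattern did not match")
    return re.sub(r"\\(\d)", lambda m: match.group(int(m.group(1))) or "", output)


def preprocess(value):
    """Run every pattern/output pair against the same raw event text."""
    return {name: regex_step(value, p, o) for name, (p, o) in STEPS.items()}


if __name__ == "__main__":
    for name, result in preprocess(EVENT).items():
        print(f"{name}: {result!r}")
```

If the agent delivers the text with `\r\n` line endings, `(.*)` also captures the trailing `\r`, so trim the result before comparing account names.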

Item value preprocessing

Regex 101