TechQA.

How can i extract just the usernames from the log event message. I used the parse function , but it still doesn't display the usernames

29 views Asked by At

This is one of the log event message

2023:12:05-09:54:47 streamname aua[12826]: id="1234" severity="warn" sys="System" sub="auth" name="Authentication failed" scrip="0.0.0.0" host="" user="Ted" caller="openvpn" reason="DENIED"

This is the query I have been using :

filter @message like /failed/ |parse @message /(?<@user>user="([^"]+)")/ |stats(distinct(@user)) AS usernames

amazon-web-services amazon-cloudwatchlogs aws-cloudwatch-log-insights amazon-cloudwatch-events
Original Q&A
0

There are 0 answers

Related Questions in AMAZON-WEB-SERVICES

Related Questions in AMAZON-CLOUDWATCHLOGS

Related Questions in AWS-CLOUDWATCH-LOG-INSIGHTS

Related Questions in AMAZON-CLOUDWATCH-EVENTS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions