To extract the "nom du compte" and "nom de l'ordinateur de l'appelant" from the log text using a regular expression, you can use the following pattern:

Compte verrouillé.*\n+.*\n+.*\n+.*\s+(.*)\n+.*\s+(.*)

This regular expression will match the following text: "Compte verrouillé", followed by any number of lines, followed by the "nom du compte" and "nom de l'ordinateur de l'appelant" values. The first group (\1) will contain the "nom du compte" value, and the second group (\2) will contain the "nom de l'ordinateur de l'appelant" value.

To use this regular expression in a preprocessing rule in Zabbix, you can use the following syntax:

regexp(eventlog[Security,,,,4740,,skip],Compte verrouillé.*\n+.*\n+.*\n+.*\s+(.*)\n+.*\s+(.*))

This will apply the regular expression to the "eventlog[Security,,,,4740,,skip]" value and return the matched groups as output. The first group (\1) will be returned as the first value, and the second group (\2) will be returned as the second value.

I hope this helps! Let me know if you have any questions.
​

That's great. I was impressed by your writing. I am happy to see such a topic. Please come to my blog and read it.

Hi, thanks for your help.
it doesn’t work, I don’t have any error but no data collected.
i literally write
regexp(eventlog[Security,,,,4740,,], Compte\sverrouillé.*\n+.*\n+(.*)\n+.*\s+(.*))
in a preprocessing rule and add \1 \2 in output
it’s Ok ?

​​