Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to split out the Windows Event Log Description field with formula 1

Status
Not open for further replies.
michbell

michbell

Technical User
Aug 12, 2004
25
US
I'm trying to use CR to run more manipulate-able reports of the windows event log. The problem is that most of the info I need to be able to split out is in the field "description". Here's an example of what's contained in this field:

The Windows Filtering Platform has blocked a connection.

Application Information:
Process ID: 516
Application Name: \device\harddiskvolume2\windows\system32\svchost.exe

Network Information:
Direction: Inbound
Source Address: 255.255.255.255
Source Port: 5200
Destination Address: 10.1.10.27
Destination Port: 57094
Protocol: 0

Filter Information:
Filter Run-Time ID: 85988
Layer Name: Receive/Accept
Layer Run-Time ID: 44

I want to be able to split out each line, basically. So I want to have a formula for Application Name that only returns "\device\harddiskvolume2\windows\system32\svchost.exe" and another formula for Destination Address that returns "10.1.10.27". Since the number of characters before and after each of these lines will vary, I can't use Right(,) or Left(,).

Anybody have an easy way to do this? Thanks in advance!
 
Sort by date Sort by votes
There might be a better way to do this, but I was able to get the fields out by using a combination of trimming left and right. For Source Address, this is what I did:

trim(
left(
trim(right({Security.Description}, length({Security.Description})- 16 - instr({Security.Description}, "Source Address:")))
,-11 + instr(trim(right({Security.Description}, length({Security.Description})- 16- instr({Security.Description}, "Source Address:"))), "Source Port:")
)
)
 
Upvote 0 Downvote
split({Source Address},":")[2]



split({Application Name},":")[2]


_____________________________________
Crystal Reports 2008 and XI
Intersystems Cache 2012 ODBC connection

 
Upvote 0 Downvote
That's a bit less complicated! hahaha. Thanks CoSpringsGuy!!!!
 
Upvote 0 Downvote
Create two formulas:

//{@ApplicationName}:
stringvar x := {table.field};
stringvar y := extractstring(x,"Application name: ",chr(13));

//{@DestinationName}:
stringvar x := {table.field};
stringvar z := extractstring(x,"Destination Address: ",chr(13));

-LB
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Corinne30
  • Locked
  • Question
Division of currency formula with/without rounding
Replies
7
Views
649
dgillz
dgillz
T
  • Locked
  • Question
Date comparison Formula
Replies
2
Views
429
TPG_IT
T
john432
  • Locked
  • Question
Crystal Report formula (finding with key words) 1
Replies
2
Views
309
john432
john432
B
  • Locked
  • Question
Difference of a field between 2 variable dates
Replies
1
Views
188
hilfy
hilfy
socalvelo
  • Locked
  • Question
Extract Phone Numbers from Text Field
Replies
0
Views
234
socalvelo
socalvelo

Part and Inventory Search

Sponsor

Back
Top