I wrote a regex for my SIEM to capture the Caller Computer Name for Windows Security Event 4740 - User Account Lockout.
The problem is that sometimes the "Caller Computer Name" field has a null or empty value and my regex does not account for it. The residual affect is that it is causing syntax problems in my custom email notification any time an event is captured with a blank value.
See link on Regex101:
Caller Computer Name:\s+([^ ]+)
Caller Computer Name:
The regex will match if there is an empty value since
* matches for 0 or more oven if there is no character following the String.
/Caller Computer Name:\s*[^ ]*/