Hi guys,
I need to exclude whenever there is $ in TargetUserName:
Can someone please guide me how to?
I have following query
EventID:4624 AND NOT TargetUserName:(SYSTEM WINFGTDNS01$)
So would like to exclude all entries which has $ in it
I am not very sure if this can work as expected in your use case but you can give a try querying like below:
EventID:4624 AND NOT TargetUserName:"*$*"
PS You need to cross check the validity of results obtained form the query above.
1 Like
if you use * at the beginning you should check and enable the graylog’s allow_leading_wildcard_searches option in server.conf
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.