How to I exclude $ in my searches

Hi guys,

I need to exclude whenever there is $ in TargetUserName:

Can someone please guide me how to?

I have following query

EventID:4624 AND NOT TargetUserName:(SYSTEM WINFGTDNS01$)
So would like to exclude all entries which has $ in it

I am not very sure if this can work as expected in your use case but you can give a try querying like below:

EventID:4624 AND NOT TargetUserName:"*$*"

PS You need to cross check the validity of results obtained form the query above.

1 Like

if you use * at the beginning you should check and enable the graylog’s allow_leading_wildcard_searches option in server.conf

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.