How to I exclude $ in my searches

blason · 2018-12-12 03:25:43 UTC

Hi guys,

I need to exclude whenever there is $ in TargetUserName:

Can someone please guide me how to?

I have following query

EventID:4624 AND NOT TargetUserName:(SYSTEM WINFGTDNS01$)
So would like to exclude all entries which has $ in it

anmolsharma · 2018-12-12 06:17:12 UTC

I am not very sure if this can work as expected in your use case but you can give a try querying like below:

EventID:4624 AND NOT TargetUserName:"*$*"

PS You need to cross check the validity of results obtained form the query above.

macko003 · 2018-12-12 10:34:51 UTC

if you use * at the beginning you should check and enable the graylog’s allow_leading_wildcard_searches option in server.conf

system · 2018-12-26 10:39:07 UTC

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.