How to I exclude $ in my searches

blason · December 12, 2018, 3:25am

Hi guys,

I need to exclude whenever there is $ in TargetUserName:

Can someone please guide me how to?

I have following query

EventID:4624 AND NOT TargetUserName:(SYSTEM WINFGTDNS01$)
So would like to exclude all entries which has $ in it

anmolsharma · December 12, 2018, 6:17am

I am not very sure if this can work as expected in your use case but you can give a try querying like below:

EventID:4624 AND NOT TargetUserName:"*$*"

PS You need to cross check the validity of results obtained form the query above.

macko003 · December 12, 2018, 10:34am

if you use * at the beginning you should check and enable the graylog’s allow_leading_wildcard_searches option in server.conf

system · December 26, 2018, 10:39am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Excluding Character when Searching Graylog Central (peer support)	2	780	February 25, 2019
Trying to exclude accounts with $ Graylog Central (peer support) sidecar , winlogbeat	3	1342	April 25, 2019
Search for dollar sign Graylog Central (peer support)	3	1405	January 31, 2018
Search to Exclude Computer names Graylog Central (peer support)	5	1245	January 29, 2021
Graylog wildcard exclude search Graylog Central (peer support)	2	8902	September 25, 2018