Hi All,
I am having some trouble searching for a dollar sign within a user name. My search either errors or returns no results which I know is incorrect.
I have tried a variety of things sch as -
TargetUserName:$
TargetUserName:"$"
TargetUserName:($)
TargetUserName:$*
and a mixture of the above.
I suspect this is something to do with the search expecting the $ to form part of a format string rather than the thing to search for itself.
Any advice would be great.
Thanks.
Hi All,
Still having trouble with this. I currently have two separate logs that I want to separate between with the only difference that I can use being the $ in a username of one type.
Any thoughts of how to do this would be really useful to try.
Thanks.
Did you ever find a solution for this?
Experiencing the same issue 
Need to filter machine logons vs user logons. Same event ID and the only difference in messages is machines have $ at the end.
I thought something like:
EventID:4624 AND NOT TargetUsername:*$
would work… alas it does not
There are various reasons why this won’t work. For example search queries with leading wildcards are not allowed by default.