I am using NxLog on a Windows Domain Controller to send syslog format - limited to a group of EventIDs that I care about. They are coming into Graylog very well.
Trying to search windows logs and create a widget. I don’t want to see Computer login information.
So, computers all have a $ at the end of the name.
Using NOT full_message:"account name:??*$" as the search term seems like it should work... but doesn't.
The full message has something like "Account Name:{space}{tab}MyLaptop${space}{tab}Account Domain:"
Also, I tried using TargetAccountName: - but read that it doesn’t allow searching by wildcard (by default).
Adding to post:
CentOS 8.3.2011
graylog-server 4.0.1 release 1
Other than that, what else do you need to know? I think I laid the problem out fairly well.
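As an added illustration (not the poster's code, and not Graylog's own query engine), the following Python shows offline what the search above is trying to express: pull the account name out of a message laid out as "Account Name:{space}{tab}name{space}{tab}Account Domain:", and drop the events whose name ends in "$" (computer accounts) so only user logons remain. The sample messages are constructed to match that layout and are not real log data; the field names and event IDs are assumptions for illustration. Note that in a Lucene-style query parser a wildcard inside a quoted phrase is normally matched literally rather than expanded, and that "$" is a regex anchor and has to be escaped when tested for as a character, which the code does.

```python
import re
from typing import Dict, List, Optional

# Constructed sample messages (not real logs) modelled on the layout the post
# describes: "Account Name:<space><tab><name><space><tab>Account Domain:".
# Event IDs are illustrative only.
SAMPLE_MESSAGES = [
    "EventID=4624 Subject: Account Name: \tMyLaptop$ \tAccount Domain: CORP Logon Type: 3",
    "EventID=4624 Subject: Account Name: \tjdoe \tAccount Domain: CORP Logon Type: 10",
    "EventID=4634 Subject: Account Name: \tDC01$ \tAccount Domain: CORP",
    "EventID=4625 Subject: Account Name: \tadmin \tAccount Domain: CORP Logon Type: 2",
    "EventID=4672 message without an account name field",
]

# The account name is the first run of non-whitespace after "Account Name:";
# the whitespace before it (space + tab in the post's layout) is skipped by \s*.
ACCOUNT_NAME_RE = re.compile(r"Account Name:\s*(\S+)")

# "$" is the end-of-string anchor in a regex, so the literal dollar sign is
# escaped as \$ and then anchored to the end of the name with a second "$".
MACHINE_ACCOUNT_RE = re.compile(r"\$$")


def extract_account_name(message: str) -> Optional[str]:
    """Return the account name carried in the message, or None if absent."""
    match = ACCOUNT_NAME_RE.search(message)
    return match.group(1) if match else None


def is_machine_account(name: str) -> bool:
    """Computer accounts in Windows logs carry a trailing '$'."""
    return MACHINE_ACCOUNT_RE.search(name) is not None


def filter_user_logons(messages: List[str]) -> List[Dict[str, str]]:
    """Keep only events that have an account name and whose account is not a computer."""
    kept: List[Dict[str, str]] = []
    for msg in messages:
        name = extract_account_name(msg)
        if name is None:
            # No account name: the event cannot be classified, so it is left out
            # rather than guessed at.
            continue
        if is_machine_account(name):
            # Computer logon (trailing $): exactly what the widget should not show.
            continue
        kept.append({"account": name, "message": msg})
    return kept


if __name__ == "__main__":
    for event in filter_user_logons(SAMPLE_MESSAGES):
        print(event["account"], "->", event["message"])
```

The same split can be done at ingest time instead of search time: an extractor or pipeline rule that stores the account name in its own field and sets a boolean such as a constructed "is_machine_account" field lets the widget filter on an exact value, with no wildcard or regex needed in the query at all.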