index=12345_ati_pia NOT Logon_Type!=10 NOT Account_Name=abc* NOT Account_Name=te* (EventCode=5421 Logon_Type=10 NOT Target_Server_Name=localhost) OR (EventCode=5421 NOT Account_Name=$) NOT Account_Name=DNA NOT Account_Name=te* NOT Account_Name=SYSTEM NOT Account_Name=BladeLogicCAMR NOT Account_Name=abckk1 NOT Account_Name=IOWADBQ NOT Account_Name=cored1 NOT Account_Name=ANON* NOT Account_Name=dmvcars
