Hello Dear Team,

I'm having some trouble. I created a dropdown menu and this menu fulling from search:

index="wineventlog" host=$EventHost$ | rex "\s+server_principal_name:(?<server_principal_name>.*)" | stats count by server_principal_name

The search is ok.

When I select from the dropdown menu account with a name that doesn't contain "\" (for example account name: $first0ne), the search works fine. But when I try to select an account with a domain name like FOEU\$ahhfty, the search doesn't work.

I understand that the reason why the search doesn't work is because the dropdown was put into search row "server_principal_name:$server_principal_name$" value with one "\" but needed to be inserted in search with two symbols "\":

source="WinEventLog:App*" index="wineventlog" host="*" server_principal_name:$server_principal_name$ | bin _time span=1d | rex "\s+server_principal_name:(?<server_principal_name>.*)" | rex "statement:(?<statement>.*)" | rex "target_server_principal_name:(?<target_server_principal_name>.*)" | rex "event_time:(?<Event_time>\S+\s\w+:\w+:\w+)" | rename host as Host statement as Statement, server_principal_name as Account, target_server_principal_name as "Target Account" Event_time as "Event Time" | stats sparkline as "Magnitude Trend" count as Count by Host, Statement, Account, "Target Account", "Event Time" 

How can I add an additional "\" into the search code that has a value for search like "FOEU\$ahhfty" ?