I'm playing with WinEventLog:Security source, and I found a "-" username that altered my statistics.
In a generic login log, there is a section with this user, and I'm looking for a way to remove it and clean/normaliza my logs before they'll be indexed.
09/15/2011 01:41:18 PM
SourceName=Microsoft Windows security auditing.
Message=An account was successfully logged on.