Hi,
I am trying to search the Windows security log for any logs where the account_name field contains fire (case insensitive).
sourcetype="WinEventLog:Security" regex Account_Name="/(\w{1,20})?fire(\w{1,20})?/i"
I am using the above search, but it doesn't work. Yet there are accounts which have fire in the name such as Firetestadmin or bluefire123, and there are events for this search.
What am I doing wrong, please?
Thanks