Trying to figure out how to create a working kibana-filter to filter out where event_data.TargetUserName ends in a dollar sign ($). For example computer accounts in AD or managed service accounts.
And by filterng out i mean, remove from results.
Anyone?
I would like to invert this, to say not contains $
{
"query": {
"regexp": {
"event_data.TargetUserName": "[a-zA-Z0-9-_]{1,32}"
}
}
}
Solved this like this, but maybe its not the most efficient search performance wise:
{
"query": {
"regexp": {
"event_data.TargetUserName": "[^$]{1,64}"
}
}
}
You anyone have a better more efficient Query, i will gladly take it 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.