Hi,

I am querying an accelerated data model for active directory, using the search below. However, the results are showing domains that are not being requested. Can someone explain this to me?

Search:

|tstats count AS "Count of active directory index events" from datamodel=Active_Directory where (nodename = active_directory_index_events) (active_directory_index_events.Account_Domain="DMN1" OR active_directory_index_events.Account_Domain="DSDOM1" OR active_directory_index_events.Account_Domain="WINROOT" OR active_directory_index_events.Account_Domain="DSROOT" OR active_directory_index_events.Account_Domain="VC1ROOT" OR active_directory_index_events.Account_Domain="VC2ROOT" OR active_directory_index_events.Account_Domain="VC3ROOT" OR active_directory_index_events.Account_Domain="FMRSHIELD") BY active_directory_index_events.Account_Domain

Results: