We got "No results found." for all dashboards after we installed the app. When we clicked on Inspect, we found the following search:
search eventtype=msad-failed-user-logons host!="*" | fields _time, signature, src_ip, src_host, src_nt_host, src_nt_domain, user, Logon_Type
We got "0 matching events" even when we used this query in search. But if we remove the term host!="*" or replace it with host!="abc", for example:
search eventtype=msad-failed-user-logons | fields _time, signature, src_ip, src_host, src_nt_host, src_nt_domain, user, Logon_Type
we get all the results back.
Does anyone have any idea what's wrong regarding the "host" field?