Hello,
I am having some issues with using multiple field exclusions as not all results are being returned (only the results for the last 2 days appear).
EVT*-XXXX search eventtype=XXXXX | table txid NOT "vsp-vendor-id=XXXXXXXXXXXXXX"
If I just exclude certain hosts, I get all the required results. However, when I add the vendor id exclusion, only results for the past 2 days appear.
Any ideas why?