When looking at Windows event logs I notice that there are a lot of events that still have the and not this hinders my ability to table out different event ids.
I have tried to create a field extractor with the regex ">(?P\d+)<\/EventID>" as noted here https://visibleninja.guru/problemwith-eventid-field-extraction-in-windows_ta-app/.
This did not seem to parse out the event ids correctly. Where else should I put the regex key?
When diving into the data, it looks like the authentication data model is returning two events for one actual login. It looks like the event to get permission from the domain controller is recorded and then the actual login to the computer is logged.
Is this normal, incorrect Windows setup, or bad datamodel?
Thank you,
Rick
Anirbandasdeb, what step did you miss? I also have the REST API getting data with Test, but nothing when I want to configure data or validate.