The Lem does not appear to recognize special characters within an event data field; an underscore for example.
I am using nDepth to search the Windows UserLogon.DestinationAccount field for account names which (in my AD environment) can contain an underscore "_" character.
It appears the LEM does not recognize an underscore (or any special character) in an (text) event data field. Here's an example of two searches I executed on the same time period; with and without an underscore.
Note that the result counts in both cases, are identical. The actual result details contain data both with and without the underscore.
Is their some escape syntax that is needed in such cases??????????????????????????????????????????????
If anyone knows the answer to this; please provide the syntax detail!