Hello! I am attempting to find events based on names in a CSV file (I am attempting to build a search to identify security group name changes). However, I appear to be missing something since I do not get any results.
Here is the search I am trying, but it is not presenting any results:
(EventCode=4781)
[inputlookup Groups.csv | rename Security_ID AS Old_Account_Name]
Here is what I have and have tried:
I have a Groups.csv file that contains the groups I would like to search against. It looks like this:
Security_ID
*\Group1
*\Group2
*\Group3
I have tested renaming the header and this correctly shows the contents of my CSV file with the renamed header as expected:
| inputlookup Groups.csv | rename Security_ID AS Old_Account_Name
I am also able to successfully get results when I do this:
(EventCode=4781)
(Old_Account_Name="*\Group1")
However, I am not able to perform the original search, which is to search for events that contain any of the groups in the CSV file.
I appear to be missing something - can someone please help correct my search query?
Thanks!