...
To search for some IP addresses you will need to use the advanced search and escape the dot in the IP address as per this example. make sure you have a space at the end of the IP address to get an exact match or you may see other IP address that start with the last octet.
| Code Block |
|---|
DATE='TODAY' AND ALLFIELDS REGEXI '(10\1\.1\.1 |10\.1\.1\.2 ) ' |
Restricted words and characters
...
Content that includes space characters must be surrounded by EITHER single or double quotes.
EVENTID=loginEVENTID=”login failed”
If you wish to use single or double quotes as part of your search criteria, they must be escaped with the backslash character (\)
STRINGS CONTAINS “User: \”Fred\””
The INCLUDES operator uses commas to separate potential values. If you wish to use the comma as part of your search criteria, it is recommend that you use regular expressions instead.
...