Fields that contain the information from PowerShell Script Block Logging events collected by the Windows integration currently use the Standard Analyzer/Tokenizer, which causes hyphens to be ignored.
This makes the following query (And any other that search for cmdlets) powershell.file.script_block_text : "Get-ChromeDump" to not work as an exact match, as shown in the following:
Should match:
Should not match:
Fields that contain the information from PowerShell Script Block Logging events collected by the Windows integration currently use the Standard Analyzer/Tokenizer, which causes hyphens to be ignored.
This makes the following query (And any other that search for cmdlets)
powershell.file.script_block_text : "Get-ChromeDump"to not work as an exact match, as shown in the following:Should match:
Should not match:
