Hi guys, I’m still kind of new to IDR but I’ve been digging into logs and queries and stuff lately and have a number of potential issues I am trying to figure out. This one in particular is where I’ve searched the AD logs for “MEMBER_ADDED_TO_SECURITY_GROUP” for the last 30 days and it only shows 7 log entries. I know this is inaccurate because we add/remove people from security groups multiple times per week. If the log search was broken or it was a bad query, I would expect nothing to show up. The fact that only some show up tells me there is something wrong somewhere - that or I am searching the wrong thing in the wrong way.
I have also tried an Advanced query of “where(action="MEMBER_ADDED_TO_SECURITY_GROUP")groupby(source_user)” with the same results.
I have a case # 00806105