I noticed that one of my rules stopped firing emails and upon digging around, I found that wildcards are not performing like they used too. For example...
Say I have this log entry where the Event Info was: "Member John Doe was added to group Domain Admins"
My rule would first off search for "Member*added to group*". That does not work anymore. I had to remove the "Member" for the rule to fire just off of "*added to group*".
Just now I was searching with nDepth and noticed the same. I had an IP that I was searching for, say "*1.2.3.4*" and when doing a text search I found that the VPN user was in the format of "User jdoe assigned to IP 1.2.3.4", or something like that. So, instead of searching for all instances of the IP, I edited my text search by adding "User*1.2.3.4*". NDepth returned zero results. I even tried it with a wildcard at the beginning like "*User*1.2.3.4*" and that still did not work...even though the search should have returned the results I modeled the search off of, at least!
From what I can tell, if you are trying to search for more than one set of text in a wildcard text search, you will get zero results. So, you can search for "*one*", but not "*one*two*". Hopefully, this gets resolved, because this was very handy.
Also, I know I can use the AND in nDepth, but it's very helpful to be able to note the order in which you want the text to be in the search. Rather than displaying if it includes A and also includes B, you can only return results that include A before B (*A*B*) or B before A (*B*A*).