Just a quick note on how to use wildcards in Log Analytics searches: the wildcard token is * and it works only if you don’t enclose the searched for string in quotes. This creates an issue if you have spaces or dots (.) inside your string, to overcome this use the ? token.
A few examples
|string searched for||pattern||Expected Result!|
|server*||Computer=server*||every computer whose name starts with server|
|194.243.100.*||Type:W3CIISLog cIP:194?243?100*||all entries generated from the subnet 194.243.100.x|
Note to escape the \ character, simply type it twice \, like in ‘mydomain\Administrator’
more samples to come