joshlemon
commented
3 years ago Found the issue.
For the first log file you upload, you need to uncheck "Add additional EVTX or XML files", this will delete all previous logs uploaded into LogonTracer, which would include the example data.
When using the latest Docker image, if you upload new data it does not remove the example data already loaded in the Docker image. This means you have both your uploaded data and the example data mixed together in the graph.