list all event ids found by each device

Question

I need to create a query to export the results with the following criteria, but unsure how to write the query.

I want to list every end device by hostname (including all end devices fed by Windows event collectors, not reported as the WEC) and then all the event codes (unique) collected from that device in ascending order.

Can someone please point me in the right direction

Page 1 / 1

Hi Mark,

Could this search query help you?

norm_id = winserver event_id = * host = *| chart count() by event_id, host order by event_id asc limit 1000

Best Regards,

Gustav

Reply

Gustav Elkjær Rødsgaard · Answer

Hi Mark,Could this search query help you?norm_id = winserver event_id = * host = *| chart count() by event_id, host order by event_id asc limit 1000Best Regards,Gustav

Reply

Sign up

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Login to the community

Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.

Scanning file for viruses.

This file cannot be downloaded