How do I filter successful events since I am getting too many?


When I login I get too many logon events. How do I filter successful events?
This is the query:-

index="wineventlog" | timechart count span=1m 

And I'm also trying to minimize event size by the add-on "windowseventsizereducer" help me to reduce the events.

0 Karma


Have a look at this

You should be able to use the searches in there to figure out the event code filter that you need to apply to your query.