When I login I get too many logon events. How do I filter successful events?
This is the query:-
index="wineventlog" | timechart count span=1m
And I'm also trying to minimize event size by the add-on "windowseventsizereducer" help me to reduce the events.
Have a look at this
You should be able to use the searches in there to figure out the event code filter that you need to apply to your query.