Solved: Are ActivityID's for windows Events ever re-used a...

simoom · ‎07-18-2024

What I want to do is summarize a completed transaction of ActivityID's like Windows updates. However, I do not know if the ActivityID is reused again after a reboot and may not be a part of the original transaction or a period of time passes within 24 hours of my reports and the ActivityID is reused again. Disclaimer, I do not know that much about Microsoft Events... so maybe this sounds all wrong?

simoom · ‎07-18-2024

My mistake Correlation[]ActivityID...

Looks like it is unique internal admin helped me out:

https://sharepoint.stackexchange.com/questions/9938/what-is-the-point-of-the-error-message-correlati...

View solution in original post

simoom · ‎07-18-2024

Thank you. Though it might help someone new like me, never know.

simoom · ‎07-18-2024

My mistake Correlation[]ActivityID...

Looks like it is unique internal admin helped me out:

https://sharepoint.stackexchange.com/questions/9938/what-is-the-point-of-the-error-message-correlati...

ITWhisperer · ‎07-18-2024

This is really a Windows question not a Splunk question!

Are ActivityID's for windows Events ever re-used after a period of time or reboot?

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability