Solved: use stat results as string instead of numbers

rtalcik · ‎02-28-2020

Hi everyone, so I am wondering if it is possible to display my results as a string for computername instead of displaying it as a number. I don't believe using count or stats is the right process here, but I was wondering if someone can help me edit my command to do what I want So below is the stats command and I want to see the results by user along with WHAT computername and WHAT Host as a string

| stats count as totalcount count(eval(EventCode="4625")) as deniedcount count(eval(EventCode="4624" OR EventCode="4768" OR EventCode="4776")) as permitted_count count(eval(host)) as host count(eval(ComputerName)) as computer by user

richgalloway · ‎02-28-2020

Try this

... | stats count as total_count count(eval(EventCode="4625")) as denied_count count(eval(EventCode="4624" OR EventCode="4768" OR EventCode="4776")) as permitted_count count(host) as host count(ComputerName) as computer values(host) as hosts values(ComputerName) as computers by user

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

richgalloway · ‎02-28-2020

Try this

... | stats count as total_count count(eval(EventCode="4625")) as denied_count count(eval(EventCode="4624" OR EventCode="4768" OR EventCode="4776")) as permitted_count count(host) as host count(ComputerName) as computer values(host) as hosts values(ComputerName) as computers by user

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

rtalcik · ‎03-03-2020

This is perfect I am going to look into the values thing now. THANKS!!