@ITWhisperer i created like this, in the Event Types index=foo_win* (host="PC*" EventID=1068) OR (host="PR**" EventID="1") OR (host="PR*" EventID="1") OR (host="PR*" EventID="1"...
See more...
@ITWhisperer i created like this, in the Event Types index=foo_win* (host="PC*" EventID=1068) OR (host="PR**" EventID="1") OR (host="PR*" EventID="1") OR (host="PR*" EventID="1") | eval Severity=case(EventID="1068", "Warning", EventID="1", "Information", EventID="1021", "Warning") | stats count by Severity writing above spl under all three pannels(critical, warning,information)