Hi All, I am trying to create an efficient way to pull out certain win events for my report but I am not sure it would return the results I want. It truncates some of the results. I might be doing something wrong. Please see the code that I am currently running and suggest an improvement. Thank you all!

index=mbda_windows_server sourcetype=XmlWinEventLog EventCode=4718 OR 4728 OR 4729 OR 4730 OR 4732 OR 4733 OR 4756 OR 4757 OR 4762 OR 4796 OR 5136
| dedup src_user, MemberSid, Group_Domain, Group_Name, host, _time
| convert timeformat="%d/%m/%Y %H:%M" ctime(_time)
| rename src_user AS Login, MemberSid AS Account, Group_Domain AS Domain, Group_Name AS Group, host AS Host, _time AS Min_NormDateMin, name AS EventName
| table Login, Account, Domain, Group, Host, Min_NormDateMin, EventCode, EventName
| sort EventCode
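An added example, not part of the original post: the same search with the event codes in an `IN` list, because in `EventCode=4718 OR 4728 ...` only the first value is bound to `EventCode` and the remaining numbers are matched as bare search terms, and with `sort 0`, because `sort` without a count returns at most 10,000 results. The index, sourcetype and field names are the poster's; whether either point accounts for the truncation described is an assumption.

```spl
index=mbda_windows_server sourcetype=XmlWinEventLog
    EventCode IN (4718, 4728, 4729, 4730, 4732, 4733, 4756, 4757, 4762, 4796, 5136)
| dedup src_user, MemberSid, Group_Domain, Group_Name, host, _time
| convert timeformat="%d/%m/%Y %H:%M" ctime(_time)
| rename src_user AS Login, MemberSid AS Account, Group_Domain AS Domain,
         Group_Name AS Group, host AS Host, _time AS Min_NormDateMin, name AS EventName
| table Login, Account, Domain, Group, Host, Min_NormDateMin, EventCode, EventName
| sort 0 EventCode
```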