Hello,
I'm trying to find a search to correlate (graph overlay) log collect with specific windows eventcode (4608 for windows is starting up ; 6005 :The event log service was started 6006 The Event log service was stopped)
like this
host=machine | timechart count by host
and the other part would be
host=machine EventCode=4608 OR EventCode=6005 OR EventCode=6006 | timechart count by EventCode
I'm a little bit lost with appendcols /append/ join ...
How can I do this? Thank you for your help
... View more