Total Installs By Hosteventtype="wineventlog_common" SourceName=MsiInstaller EventCode=11707 host="$EventHost$"| stats sparkline as "Trend", count by host | sort -count$Time.earliest$$Time.latest$
Total Installs By Applicationeventtype="wineventlog_common" SourceName=MsiInstaller EventCode=11707 host="$EventHost$" | rex field=Message "(?s)Product: (?<product_name>.*) --" | stats sparkline as "Trend", count by product_name | sort -count$Time.earliest$$Time.latest$
Installs Over Time By Hosteventtype="wineventlog_common" SourceName=MsiInstaller EventCode=11707 host="$EventHost$" | timechart count by host useother=f$Time.earliest$$Time.latest$Installs Over Time By Applicationeventtype="wineventlog_common" SourceName=MsiInstaller EventCode=11707 host="$EventHost$" | rex field=Message "(?s)Product: (?<product_name>.*) --" | timechart count by product_name useother=f$Time.earliest$$Time.latest$
Installation Details By Hosteventtype="wineventlog_common" SourceName=MsiInstaller EventCode=11707 host="$EventHost$" | rex field=Message "(?s)Product: (?<product_name>.*) --" | stats count, latest(_time) AS ltime by host, product_name | convert ctime(ltime) | eval comb=product_name." (Last Event Time = ".ltime." )" | stats values(comb) AS Installed_Products, sum(count) AS Total_Events by host | sort -Total_Events$Time.earliest$$Time.latest$