Interesting Events Click on the event to check it on www.eventid.net

Select time range -24h@h now Computer All * ( ) ComputerName=" " OR `event_sources` | stats count by ComputerName $interval.earliest$ $interval.latest$ ComputerName ComputerName Keyword: *

`event_sources` AND $Computer$ AND $keyword$ | lookup interesting_events_lookup event_id AS EventCode, source AS SourceName OUTPUT source,description | search description="*" | table _time, ComputerName, EventCode, SourceName, Type, Message,description | rename EventCode as "EventId", description as "Why is it interesting?" $interval.earliest$ $interval.latest$ 1 20nonenonefalseprogressbarfalsefalsetrue