Windows Overview - Windows eventtype=wineventlog_index_windows eventtype="wineventlog_common" | eval Host=if(isNull(host),Host,host) | fields Host,LogName,EventCode $Time.earliest$ $Time.latest$ eventtype=perfmon_index_windows eventtype="perfmon_windows" object=* counter=* | eval Host=if(isNull(host),Host,host) | fields Host,object,counter $Time.earliest$ $Time.latest$

@d now

| stats dc(Host) as count all value none 0 ["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"] [0,30,70,100] 1 1 standard absolute after 0 1 Hosts | stats dc(LogName) as count all value none 0 ["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"] [0,30,70,100] 1 1 standard absolute after 0 1 Log Names | stats count by EventCode, LogName | stats count all value none 0 1 1 standard absolute after 0 1 ["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"] [0,30,70,100] Event IDs | stats dc(Host) as count all value none 0 ["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"] [0,30,70,100] 1 1 standard absolute after 0 1 Hosts | stats dc(object) as count all value none 0 ["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"] [0,30,70,100] 1 1 standard absolute after 0 1 Objects | stats dc(counter) as count all value none 0 ["0x65a637","0x6db7c6","0xf7bc38","0xf58f39","0xd93f3c"] [0,30,70,100] 1 1 standard absolute after 0 1 Counters eventtype=windows_index_windows OR eventtype=wineventlog_index_windows OR eventtype=perfmon_index_windows | fields source | stats count by source | rename source as Source,count as Count $Time.earliest$ $Time.latest$ truefalserownone10 eventtype=windows_index_windows OR eventtype=wineventlog_index_windows OR eventtype=perfmon_index_windows | fields sourcetype | stats count by sourcetype | rename sourcetype as Sourcetype,count as Count $Time.earliest$ $Time.latest$ truefalsecellnone10 eventtype=windows_index_windows OR eventtype=wineventlog_index_windows OR eventtype=perfmon_index_windows | fields host | stats count by host | rename host as Host,count as Count $Time.earliest$ $Time.latest$ truefalserownone10