This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Eventlog summary report for all servers
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-16-2015 07:23 AM
Hello everyone!
I found a great report, that show me practically everything I want, but I need to add some more things to show like tblNtlog.Eventcode and tblNtlogMessage.Message/ I tried to add them myself, but I had no luck in it... Is it possible to add them in this report?
I found a great report, that show me practically everything I want, but I need to add some more things to show like tblNtlog.Eventcode and tblNtlogMessage.Message/ I tried to add them myself, but I had no luck in it... Is it possible to add them in this report?
Select Top 1000000 tblNtlogSource.Sourcename As EventSource,
tblAssets.AssetID,
Count(tblNtlog.EventlogID) As EventCount
From tblAssets
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Where tblNtlog.TimeGenerated > GetDate() - 1
Group By tblNtlogSource.Sourcename,
tblAssets.AssetID
Order By EventCount Desc
Solved! Go to Solution.
Labels:
- Labels:
-
Report Center
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-16-2015 01:05 PM
In this case, add tblNtlog.Eventcode and tblNtlogMessage.Message to your report and enable grouping for these fields:
Select Top 1000000 tblNtlogSource.Sourcename As EventSource,
tblAssets.AssetID,
tblNtlog.Eventcode,
tblNtlogMessage.Message,
Count(tblNtlog.EventlogID) As EventCount
From tblAssets
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Where tblNtlog.TimeGenerated > GetDate() - 1
Group By tblNtlogSource.Sourcename,
tblAssets.AssetID,
tblNtlog.Eventcode,
tblNtlogMessage.Message
Order By EventCount Desc
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-30-2015 09:01 AM
Daniel, great answer! Thank you very much for your help! 
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-27-2015 04:32 PM
Your report originally contained the AssetID. This field won't be listed in reports, it is only being used to create links to asset pages if you add tblAssets.Assetname as well.
If you would like to count the numbers of same events on all your machines, remove the AssetID from the Select and Group part of the report query:
If you would like to count the numbers of same events on all your machines, remove the AssetID from the Select and Group part of the report query:
Select Top 1000000 tblNtlogSource.Sourcename As EventSource,
tblNtlog.Eventcode,
tblNtlogMessage.Message,
Count(tblNtlog.EventlogID) As EventCount
From tblAssets
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Where tblNtlog.TimeGenerated > GetDate() - 1
Group By tblNtlogSource.Sourcename,
tblNtlog.Eventcode,
tblNtlogMessage.Message
Order By EventCount Desc
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-25-2015 09:57 AM
Hello everyone again!
The report is working good, but I noticed 1 problem. I turned on scan for warnings events, too(only errors by default). And the thing is some simillar events are being wrote in my report with different EventCount. Looks like this:
Thanks for answering!
The report is working good, but I noticed 1 problem. I turned on scan for warnings events, too(only errors by default). And the thing is some simillar events are being wrote in my report with different EventCount. Looks like this:
EventSource Eventcode Eventtype Message EventCount
Microsoft-Windows-GroupPolicy 1085 Warning Windows failed to apply the Internet Explorer Zonemapping settings. 344
Microsoft-Windows-GroupPolicy 1085 Warning Windows failed to apply the Internet Explorer Zonemapping settings. 342
Microsoft-Windows-GroupPolicy 1085 Warning Windows failed to apply the Internet Explorer Zonemapping settings. 338
Microsoft-Windows-GroupPolicy 1085 Warning Windows failed to apply the Internet Explorer Zonemapping settings. 324
Microsoft-Windows-GroupPolicy 1085 Warning Windows failed to apply the Internet Explorer Zonemapping settings. 310
Microsoft-Windows-GroupPolicy 1085 Warning Windows failed to apply the Internet Explorer Zonemapping settings. 306
Microsoft-Windows-GroupPolicy 1085 Warning Windows failed to apply the Internet Explorer Zonemapping settings. 305
Thanks for answering!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-16-2015 01:16 PM
Thank you very much, Daniel! This is exactly what I need! 😃
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-16-2015 01:05 PM
In this case, add tblNtlog.Eventcode and tblNtlogMessage.Message to your report and enable grouping for these fields:
Select Top 1000000 tblNtlogSource.Sourcename As EventSource,
tblAssets.AssetID,
tblNtlog.Eventcode,
tblNtlogMessage.Message,
Count(tblNtlog.EventlogID) As EventCount
From tblAssets
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Where tblNtlog.TimeGenerated > GetDate() - 1
Group By tblNtlogSource.Sourcename,
tblAssets.AssetID,
tblNtlog.Eventcode,
tblNtlogMessage.Message
Order By EventCount Desc
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-16-2015 11:34 AM
Daniel, thank you for a fast answer.
I need a count of all events. In my report I can get it, but I see only amounts of them and Eventsource. I will show, how it looks like
You see, that I have three Eventsource "Disk", but errors are differ. That`s why I want to see not only counts and sources. I need to see the description of errors and eventID.
Thanks for the replies! 😃
I need a count of all events. In my report I can get it, but I see only amounts of them and Eventsource. I will show, how it looks like
EventSource EventCount
Disk 671
Disk 583
Disk 187
You see, that I have three Eventsource "Disk", but errors are differ. That`s why I want to see not only counts and sources. I need to see the description of errors and eventID.
Thanks for the replies! 😃
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-16-2015 10:03 AM
The report you mentioned lists a count of events. Do you need to have individual events listed (like the example below), or a count of events?
Select Top 1000000 tblNtlog.TimeGenerated,
tblNtlogSource.Sourcename As EventSource,
tblAssets.AssetID,
tblNtlog.Eventcode,
tblNtlogMessage.Message
From tblAssets
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Where tblNtlog.TimeGenerated > GetDate() - 1
Order By tblNtlog.TimeGenerated Desc
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- What does "Windows computers logged onto" really mean? in General Discussions
- Linux Report: All Server with its all Summary, Hardware & User Info in Reports & Analytics
- Update to V. 7.2.107.4 in General Discussions
- Hyper-V guest systems Asset Page in General Discussions
- VMWare ESXi Server linkage in General Discussions
