What I am trying to accomplish with the command is to find the events with the EventCode "4624" and Logon_Type "10" or "2", and to name them as "RDP"; however, I get the following error.

Here is the query below:

index=wineventlogsecurity source=xmlWinEventLog:Security | stats count(eval(EventCode="4624") AND (Logon_Type="10")) AS RDP

Then I get this error:

Error in 'stats' command: The eval expression for dynamic field 'eval(EventCode="4624") AND (Logon_Type="10")' is invalid. Error='The operator at ') AND (Logon_Type="10"' is invalid.'.

Thanks in advance for any help! Apologies for the newbie questions, as I am rather new to Splunk.