Hi,
I want to view the Windows event log by day - how many events happened each day. I tried to use this search:
source="WinEventLog:Application" | stats count by _time
- but it displays all events and does not group them by day.
Please tell me, what do I need to change?
Thanks.
Hi @sekil,
Please try
source="WinEventLog:Application"| bucket _time span=1d | stats count by _time
Try source="WinEventLog:Application" | bucket span=1d _time | stats count by _time