Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 13 subscribers
  • Views 1751 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Search event logs by specific event ID

Erik Alejos Agustí

Hello, we would like to have a query to search specific events on Windows from EventID variable. Thanks in advance



This thread was automatically locked due to age.
  • +1

    Hi Erik,

    Thanks for reaching out to the Sophos Community Forum. 

    You can use the following query to do this. You can fill in additional or fewer event IDs where "EventID" is referenced.

    SELECT datetime(time, 'unixepoch', 'localtime') AS EventTimeStamp, source,
provider_name, eventid, task_message, data
FROM sophos_windows_events
WHERE eventid
IN ('EventID', 'EventID')

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Unfiltered HTML