Sophos Endpoint

Discussions Search event logs by specific event ID

Sophos Endpoint requires membership for participation - click to join

Thread Info

State Verified Answer
+1 person also asked this people also asked this
Locked Locked
Replies 1 reply
Subscribers 12 subscribers
Views 1163 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Search event logs by specific event ID

Erik Alejos Agustí over 1 year ago

Hello, we would like to have a query to search specific events on Windows from EventID variable. Thanks in advance

This thread was automatically locked due to age.

Top Replies

Qoosh over 1 year ago +1 verified

Hi Erik, Thanks for reaching out to the Sophos Community Forum. You can use the following query to do this. You can fill in additional or fewer event IDs where "EventID" is referenced. SELECT datetime…

+1 Qoosh over 1 year ago
Hi Erik,

Thanks for reaching out to the Sophos Community Forum.

You can use the following query to do this. You can fill in additional or fewer event IDs where "EventID" is referenced.

SELECT datetime(time, 'unixepoch', 'localtime') AS EventTimeStamp, source, provider_name, eventid, task_message, data FROM sophos_windows_events WHERE eventid IN ('EventID', 'EventID')
Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Cancel