
Search event logs by specific event ID

Hello, we would like to have a query to search for specific events on Windows from an EventID variable. Thanks in advance.



This thread was automatically locked due to age.
  • Hi Erik,

    Thanks for reaching out to the Sophos Community Forum. 

    You can use the following query to do this. You can fill in additional or fewer event IDs where "EventID" is referenced.

    SELECT datetime(time, 'unixepoch', 'localtime') AS EventTimeStamp, source,
    provider_name, eventid, task_message, data
    FROM sophos_windows_events
    WHERE eventid
    IN ('EventID', 'EventID')

    Kushal Lakhan
    Team Lead, Global Community Support
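
The query from the reply above, exercised offline as an added example (not part of the original reply and not Sophos code): a local in-memory SQLite table stands in for sophos_windows_events, and the hypothetical helper search_events binds a variable-length list of event IDs as parameters instead of editing the IN list by hand. The integer eventid column, the ORDER BY clause and the sample rows are assumptions made for this example.

```python
import sqlite3

# Constructed sample rows; time is a Unix epoch, matching the query's 'unixepoch' modifier.
SAMPLE_EVENTS = [
    (1700000000, "Security", "Microsoft-Windows-Security-Auditing", 4624, "Logon", "{}"),
    (1700000060, "Security", "Microsoft-Windows-Security-Auditing", 4625, "Logon", "{}"),
    (1700000120, "Security", "Microsoft-Windows-Security-Auditing", 4688, "Process Creation", "{}"),
    (1700000180, "System", "Service Control Manager", 7045, "", "{}"),
    (1700000240, "Security", "Microsoft-Windows-Security-Auditing", 4625, "Logon", "{}"),
]


def make_stand_in_db():
    """Local stand-in for sophos_windows_events with only the columns the query selects."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sophos_windows_events ("
        "time INTEGER, source TEXT, provider_name TEXT, "
        "eventid INTEGER, task_message TEXT, data TEXT)"
    )
    conn.executemany(
        "INSERT INTO sophos_windows_events VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_EVENTS
    )
    return conn


def search_events(conn, event_ids):
    """Run the thread's query for any number of event IDs, bound as parameters."""
    ids = [int(i) for i in event_ids]  # raises ValueError on non-numeric input
    if not ids:
        return []  # nothing requested, nothing to search
    placeholders = ", ".join("?" for _ in ids)  # one '?' per requested ID
    sql = (
        "SELECT datetime(time, 'unixepoch', 'localtime') AS EventTimeStamp, source, "
        "provider_name, eventid, task_message, data "
        "FROM sophos_windows_events "
        f"WHERE eventid IN ({placeholders}) "
        "ORDER BY time"  # added here for stable output; not in the original query
    )
    return conn.execute(sql, ids).fetchall()


if __name__ == "__main__":
    for row in search_events(make_stand_in_db(), [4625, 7045]):
        print(row)
```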