cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 11

Reports Based on Windows Event ID

I have come across an issue I found where I would like to run a report based off event id's in LogA but when creating the report you don't have an option to search by Event ID under the Log Manager for Orion Nodes list. I can run the report searching the Message and it Contains say 4778 for example and it reports what I need but it also includes stuff I dont need because in the Message it may see 364778 and add that to the report. I opened a ticket and they were even surprised this was not an option. Is there a way to search for just '4778' when creating a report. Attached is as close as I can get to what I want.

Thanks for any help.

0 Kudos
1 Reply
Product Manager
Product Manager

Just a quick thought. Not sure if this will help or have the same result but can you try changing the selection method to "Advanced Database Query" and then use a SWQL statement similar to what I have below? Or does this still pull back the same extraneous info as well? I am hoping that forcing it to match 'Event ID XXXX' instead of just the event number will discard the other stuff you don't want.

SELECT TOP 10 ln.DisplayName as Node, le.messagedatetime, le.LevelKey, le.Message
FROM Orion.OLM.LogEntry le, Orion.Nodes ln
WHERE ln.NodeID = le.NodeID AND LogEntryTypeID = '3' AND Message Like '%Event ID 4624%'

jvb_0-1594154198244.png

 

0 Kudos