API tools faq
paste
Advertisement
Guest User

zvetov

a guest
Apr 28th, 2017
57
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
SQL 1.73 KB | None | 0 0
raw download clone embed print report
  1. SELECT
  2.     timegenerated,
  3.     EXTRACT_TOKEN(Strings,0,`|`) AS USER,
  4.     EXTRACT_TOKEN(Strings,6,`|`) AS SOURCE
  5. INTO %eventtype%.csv
  6. FROM %input%
  7. WHERE EventID IN (528; 540)
  8.     AND CASE EXTRACT_TOKEN(Strings,3,`|`)
  9.         WHEN '2' THEN 'local'
  10.         WHEN '3' THEN 'network'
  11.         WHEN '5' THEN 'administrative'
  12.         WHEN '7' THEN 'unloc'
  13.     END = '%eventtype%'
  14.  
  15.  
  16. --failed
  17. SELECT
  18.     timegenerated,
  19.     EXTRACT_TOKEN(Strings,0,`|`) AS USER,
  20.     EXTRACT_TOKEN(Strings,6,`|`) AS SOURCE
  21. INTO %eventtype%.csv
  22. FROM %input%
  23. WHERE EventID BETWEEN 529 AND 537
  24.     AND CASE EXTRACT_TOKEN(Strings,2,`|`)
  25.         WHEN '2' THEN 'local'
  26.         WHEN '3' THEN 'network'
  27.         WHEN '5' THEN 'administrative'
  28.         WHEN '7' THEN 'unloc'
  29.     END = '%eventtype%'
  30.  
  31. --user
  32.  
  33.  
  34. SELECT
  35.     *
  36.     --, EXTRACT_TOKEN(Strings,0,`|`) AS user,
  37.     --EXTRACT_TOKEN(Strings,6,`|`) AS source
  38. INTO users.csv
  39. FROM %input%
  40. WHERE EventID IN (4720; 4722; 4725; 4726)
  41.  
  42.  
  43.  
  44. LogParser -i:EVT "SELECT COUNT(*) AS Times, EventType INTO Chart.gif FROM test.evt GROUP BY EventType" -chartType:PieExploded3D -chartTitle:"HAHAHA"
  45.  
  46. LogParser -i:EVT "SELECT TimeGenerated, COUNT(*) AS Times INTO Chart2.gif FROM test.evt GROUP BY TimeGenerated"  -o:chart -chartType:Column3D -chartTitle:"By times"
  47.  
  48. LogParser -i:EVT "SELECT TimeGenerated, COUNT(*) AS Times INTO Chart3.gif FROM test.evt WHERE TimeGenerated >= TIMESTAMP('2017-02-01', 'yyyy-MM-dd') GROUP BY TimeGenerated" -o:chart -chartType:Column3D -chartTitle:"By times"
  49.  
  50. Фильтр по времени
  51. LogParser -i:EVT "SELECT TimeGenerated, COUNT(*) AS Times INTO Chart3.gif FROM test.evt WHERE TimeGenerated >= TIMESTAMP('2017-02-01', 'yyyy-MM-dd') AND TimeGenerated < TIMESTAMP('2017-03-01','yyyy-MM-dd') GROUP BY TimeGenerated" -o:chart -chartType:Column3D -chartTitle:"By times"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!