This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Community FAQ
Register | Log In
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Getting wrong results from >> tblNtlog.TimeG...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-19-2024 02:03 PM
Hi
I do many reports where i report on event logs. suck as logon fails, log clears etc etc. many of them return results for wrong time frame.
This example below produces a report containing events that occured some 5 days ago. but should just return last day.
Any pointers please?
Select Top 1000000 tblAssets.AssetName,
Count(tblNtlog.EventlogID) As NumberOfEvents,
tblNtlog.Eventcode,
tblNtlogSource.Sourcename,
tblNtlogMessage.Message,
tblNtlog.TimeGenerated,
tblAssets.Username
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Where (tblNtlogSource.Sourcename = 'Microsoft-Windows-Eventlog' And
tblNtlog.TimeGenerated > GetDate() - 1 And tblAssetCustom.State = 1) Or
(tblNtlogSource.Sourcename = 'Microsoft-Windows-Eventlog')
Group By tblAssets.AssetName,
tblNtlog.Eventcode,
tblNtlogSource.Sourcename,
tblNtlogMessage.Message,
tblNtlog.TimeGenerated,
tblAssets.Username
Having (tblNtlog.Eventcode = 1102) Or
(tblNtlog.Eventcode = 104)
Labels:
- Labels:
-
User-Generated Reports
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2024 08:25 AM - edited 08-23-2024 08:26 AM
Where (tblNtlogSource.Sourcename = 'Microsoft-Windows-Eventlog'
Or
tblNtlogSource.Sourcename = 'Microsoft-Windows-Eventlog')
and tblNtlog.TimeGenerated > GetDate() - 1 And tblAssetCustom.State = 1
Reports & Analytics
Ask about reports you're interested in and share reports you've created. Subscribe to receive daily updates of reports shared in the Community.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Report to Show PC's active in last 30 days as well as software installed on them in Reports & Analytics
- Report for New software installs - modifying the Software Change report in Reports & Analytics
- Report on the history of changes on the device in the last week. in Reports & Analytics
- Report on custom date field in Reports & Analytics
- Software Change Report not reflecting Removed Software in General Discussions
