This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Report of Event Log Errors including "STATEMENT" o...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wednesday
I had a need to find a specific event log error on some of our servers, and count them up to provide a quick glance at how many times a service is failing on a server. This specifies the server name type (for instance, if all of your database servers include the phrase 'dbserver' in them), scans for the event log message including "MSG HERE", adds them together, and gives a count for each error amount of specified assets.
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysOS.OSname As OS,
tblAssets.Lastseen As [Last successful scan],
Count(tblNtlog.Eventcode) As [Error Count]
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblNtlog On tblNtlog.AssetID = tblAssets.AssetID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogUser On tblNtlogUser.LoguserID = tblNtlog.LoguserID
Inner Join tblNtlogFile On tblNtlogFile.LogfileID = tblNtlog.LogfileID
Left Outer Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblAssets.AssetName Like '%dbserver%' And Case tblNtlog.Eventtype
When 1 Then 'Error'
When 2 Then 'Warning'
When 3 Then 'Information'
When 4 Then 'Security Audit Success'
When 5 Then 'Security Audit Failure'
End = 'Error' And tblNtlog.TimeGenerated > GetDate() - 14 And
tblState.Statename = 'Active' And
tblNtlogMessage.Message Like '%PUTWHATERRORYOUWANTTOGETAREPORTOF%'
Group By tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysOS.OSname,
tblAssets.Lastseen
Order By [Error Count] DescReplace "dbserver" with the asset name. Replace "PUTWHATERRORYOUWANTTOGETAREPORTOF" with some specific language from the event log error. Replace "14" with however many days you want it to count backwards.
Labels:
- Labels:
-
Finished Reports
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thursday - last edited Thursday
Don't join tables which inuse. It leads to high usage of SQL Server resources.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
Oof, didnt know that, thanks! Do you have a suggestion on how the report could be improved to reduce server load?
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Custom Field Synchronization to Lansweeper Sites in Product Announcements
- 🎁 Free IP Scanner for IT Pros: Fast, Accurate, and Packed with Features! in Product Announcements
- What's New? Lansweeper Summer Launch 2024 in Product Announcements
- LsAgent Relay not included in free Plan(LimitedTrial) anymore? in General Discussions
