List of Source Names and Frequency of Events

The following splunk query will output a list of all SourceNames in a windows environment and include a sparkline to indicate frequency: eventtype=”windows_events” sourcetype=”*EventLog:*” (host=”*” OR ComputerName=”*”) TaskCategory=”*” SourceName=”*” EventCode=”*” Type=”*” | stats sparkline as Activity, count by host | sort -count

Continue Reading →