Diane Carson

Parsing through all this data!

Discussion created by Diane Carson on Apr 27, 2012
Latest reply on Apr 30, 2012 by securitysavy
Hi all, Wondering if someone has an easy answer for me. I'm looking for certain events from the security logs of all my windows servers for a 2 week period. I can't seem to figure out where to put in my search criteria to get the results to be down to a manageable level. I'm running reports - but they are saying it will take 6 hours to complete. When I do query searches by the 3 digit event code ID - I do not get any results, but I see results when I'm looking in the event viewer. One days worth of events is over 1.6 million, so therefore needing to see 2 weeks worth is next to impossible. I've tried the query window - I've tried different reports..... I'm wanting to pull all 540 and 552 event IDs from my Windows servers for the last 2 weeks. Anyone want to chime in with ideas? I'm new to Envision and am getting frustrated as I'm not sure if I am looking in the correct places for this information. Thank you!

Outcomes