Hi,
Is it possible to create some kind of query and dashboard to return the events per time period per event source, including those that returned nothing?
As an example, if we had 10 domain controllers I would like to see a count of events for each Active Directory Admin Activity log for each of the event sources, including those producing no events.
Thanks
Hello @talford
I think you can display this information in the Data Collection → Event Sources → Monitor Health
There is a dashboard with infomation about the ingested events and data.
Regards
Hi,
Thanks for the answer - that does show me the kind of information i need, but i need to see the information for all data sources (or at least subsets of data sources) all in one place. We have a lot of DC’s for example, and going into each one individually to get the data to include in a report isn’t efficient.
Hi @talford ,
there is a Pre-Computed query (PCQ) which gets you what you want. However it will not include a log if there are no events received.
If you navigate to Dashboards, either create a new Dashboard or add a Card to an existing one, then when building the card, select the Pre-Computed Query tab
Then Search for ‘Usage’ and you should see this
This query will return a table view of each log source and how many bytes were received.
David