Event Log Database Query
The "Event Log Database Query" page allows you to query the database for events matching your search criteria. All properties of event logs can be searched, including the message text. If you do not specify any search criteria then all event log records will be returned.
You can limit the output of your query to only return the first X rows with the Limit menu next to the Search button.
If no severity and/or log are specified, all severities and/or logs will be returned.
Both the From and To fields are optional. If the To field is set to ANY then all records up to the current day will be returned. You may click on the calendar item to view a convenient pop-up calendar. Time specification is also optional.
Limiting search results by number, time or acknowledged flag
It is recommended that you always limit searches by number (e.g. display a maximum of 1000 records) and/or by time frame (e.g. show only records from the last 3 days). This will significantly reduce the time it takes for a query to complete, especially when the database is large and contains millions of records. If you know that a particular record(s) occurred in the last 6 hours, then limit the search to the last 6 hours to get a speedy result.
You can also limit the search by only showing events that are or are not acknowledged. You can acknowledge events by viewing the event details.
Viewing Event Details
To see all event details, click on the event number, event time or message text of the record you are interested in (as indicated above). This will pop up a window that shows the event details.
Grouping Output
The Unique Values option lets you group output by one or more fields. For example, to see how often certain computer name, source and category combinations appear in the database, select the Computer Name, Source and Category fields (you can select multiple fields by holding down the Ctrl key while clicking with the mouse) and click Search. The query shown below was further restricted to show only events from the Security source.
In the example output above you can see that host PANTHER logged 78179 events with the Logon/Logoff category (in the security log). To compare only the Logon/Logoff counts of all hosts, you can restrict the search further by selecting the corresponding category:
Output is sorted by the total column by default.
Saving Searches
It is possible to save searches by using the Bookmark feature of your browser. After you have run a search, simply add the result page to your browser's bookmarks and you can access it again at any time. Future versions will include the ability to save searches in the web reports themselves so that they are accessible to more than one user.