This is a "Distribution" Query for IDM for the last 24 hours

select EventID, count(*) 'Total Count' from [TABLE] 
   where EventID between HexToDec[0x30000] and HexToDec[0x3FFFF] 
   and [TIME] = [LAST_24_HOURS] 
   group by eventid

This is a "Distribution" Query for eDir for the last 24 hours

select EventID, count(*) 'Total Count' from [TABLE] 
   where EventID  between HexToDec[0x000B0000] and HexToDec[0x000BFFFF] 
   and [TIME] = [LAST_24_HOURS] 
   group by eventid

Outsdide of iManager it would be:

select EventID, count(*) 'Total Count' from log 
   where EventID  between 0x000B0000 and 0x000BFFFF group by EventID

As iManager will "Translate" the fields based on the application "Schema", the ouput outside of iManager is not nearly as readable.

A good SQL Statment to start with is: select INET_NTOA(Sourceip), FROM_UNIXTIME(ClientTimeStamp), clientms, FROM_UNIXTIME(ServerTimeStamp), sessionID, component, eventID, Severity, grouping, Originator, Target, SubTarget, text1, text2, text3, value1, value2, value3, data from log

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-2) was last changed on 13-Apr-2014 09:53 by jim