This is a "Distribution" Query for IDM for the last 24 hours
{{{select EventID, count(*) 'Total Count' from [TABLE] 
   where EventID between HexToDec[0x30000] and HexToDec[0x3FFFF] 
   and [TIME] = [LAST_24_HOURS] 
   group by eventid}}}

This is a "Distribution" Query for eDir for the last 24 hours
{{{select EventID, count(*) 'Total Count' from [TABLE] 
   where EventID  between HexToDec[0x000B0000] and HexToDec[0x000BFFFF] 
   and [TIME] = [LAST_24_HOURS] 
   group by eventid}}}

Outside of iManager it would be:
{{{select EventID, count(*) 'Total Count' from log 
   where EventID  between 0x000B0000 and 0x000BFFFF group by EventID
}}}

Because iManager "translates" the fields based on the application "schema", the output outside of iManager is not nearly as readable.


A good SQL statement to start with is:
{{{
select INET_NTOA(Sourceip), FROM_UNIXTIME(ClientTimeStamp), clientms,
       FROM_UNIXTIME(ServerTimeStamp), sessionID, component, eventID,
       Severity, grouping, Originator, Target, SubTarget,
       text1, text2, text3, value1, value2, value3, data
from log }}}
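The raw-SQL distribution query above has no counterpart to the iManager [LAST_24_HOURS] macro. As an added example (not from the original page), this MySQL query restores the 24-hour window and labels each EventID with the IDM or eDir range it falls in. It assumes ClientTimeStamp holds Unix epoch seconds, as the FROM_UNIXTIME call in the starter statement implies; the aliases application, event_id_hex, first_seen and last_seen are illustrative names.

```sql
-- Added example: event distribution outside iManager, limited to the last 24 hours.
-- Assumption: ClientTimeStamp is stored as Unix epoch seconds.
SELECT
    CASE
        WHEN EventID BETWEEN 0x00030000 AND 0x0003FFFF THEN 'IDM'
        WHEN EventID BETWEEN 0x000B0000 AND 0x000BFFFF THEN 'eDir'
    END                                      AS application,
    -- Show the ID in hex so it can be matched against the ranges above
    CONCAT('0x', LPAD(HEX(EventID), 8, '0')) AS event_id_hex,
    COUNT(*)                                 AS 'Total Count',
    FROM_UNIXTIME(MIN(ClientTimeStamp))      AS first_seen,
    FROM_UNIXTIME(MAX(ClientTimeStamp))      AS last_seen
FROM log
WHERE ClientTimeStamp >= UNIX_TIMESTAMP(NOW() - INTERVAL 24 HOUR)
  AND (   EventID BETWEEN 0x00030000 AND 0x0003FFFF   -- IDM range
       OR EventID BETWEEN 0x000B0000 AND 0x000BFFFF)  -- eDir range
GROUP BY application, EventID
ORDER BY COUNT(*) DESC;
```

Sorting by count puts the noisiest event IDs first, and first_seen/last_seen show whether an ID fired throughout the window or only in a short burst.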
