This is a "Distribution" Query for IDM for the last 24 hours
select EventID, count(*) 'Total Count' from [TABLE] where EventID between HexToDec[0x30000] and HexToDec[0x3FFFF] and [TIME] = [LAST_24_HOURS] group by eventid
This is a "Distribution" Query for eDir for the last 24 hours
select EventID, count(*) 'Total Count' from [TABLE] where EventID between HexToDec[0x000B0000] and HexToDec[0x000BFFFF] and [TIME] = [LAST_24_HOURS] group by eventid
Outside of iManager it would be:
select EventID, count(*) 'Total Count' from log where EventID between 0x000B0000 and 0x000BFFFF group by EventID
Because iManager will "Translate" the fields based on the application "Schema", the output outside of iManager is not nearly as readable.
A good SQL statement to start with is:
select INET_NTOA(Sourceip), FROM_UNIXTIME(ClientTimeStamp), clientms, FROM_UNIXTIME(ServerTimeStamp), sessionID, component, eventID, Severity, grouping, Originator, Target, SubTarget, text1, text2, text3, value1, value2, value3, data from log
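The eDir distribution query run directly against the log table and limited to the last 24 hours, with the event ID printed in hex so it can be matched against the range bounds. This is an added example, not part of the original page; it assumes a MySQL data store and that ServerTimeStamp holds Unix epoch seconds, as the FROM_UNIXTIME calls above suggest.

```sql
-- Added example (not from the original page).
-- Assumptions: MySQL `log` table as queried above; ServerTimeStamp is Unix epoch seconds.
SELECT
    CONCAT('0x', LPAD(HEX(EventID), 8, '0')) AS EventIDHex,      -- same notation as the range bounds
    COUNT(*)                                 AS TotalCount,
    COUNT(DISTINCT Sourceip)                 AS DistinctSources, -- how many hosts reported this event
    FROM_UNIXTIME(MIN(ServerTimeStamp))      AS FirstSeen,
    FROM_UNIXTIME(MAX(ServerTimeStamp))      AS LastSeen
FROM log
WHERE EventID BETWEEN 0x000B0000 AND 0x000BFFFF                  -- eDir range from the query above
  AND ServerTimeStamp >= UNIX_TIMESTAMP(NOW() - INTERVAL 24 HOUR)
GROUP BY EventID
ORDER BY TotalCount DESC;
```

For the IDM distribution, swap the range bounds for 0x30000 and 0x3FFFF.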