-
Notifications
You must be signed in to change notification settings - Fork 35
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
b171eb9
commit 48c7d78
Showing
1 changed file
with
21 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,21 @@ | ||
| --Most common events by event number and raw event description and computer name (this will take a very long time to run but it shows us not only event ID – but a description of the event to help understand which MP is the generating the noise) | ||
| SELECT top 100 evt.EventDisplayNumber, evtd.RawDescription, evtlc.ComputerName, COUNT(*) AS TotalEvents | ||
| FROM Event.vEvent evt | ||
| inner join Event.vEventDetail evtd on evt.eventoriginid = evtd.eventoriginid | ||
| inner join vEventLoggingComputer evtlc on evt.LoggingComputerRowId = evtlc.EventLoggingComputerRowId | ||
| GROUP BY evt.EventDisplayNumber, evtd.RawDescription, evtlc.ComputerName | ||
| ORDER BY TotalEvents DESC | ||
| -- Selects the top 100 records from the result set | ||
| SELECT TOP 100 | ||
| evt.EventDisplayNumber, -- Display number of the event | ||
| evtd.RawDescription, -- Raw description of the event | ||
| evtlc.ComputerName, -- Name of the computer logging the event | ||
| COUNT(*) AS TotalEvents, -- Total number of events aggregated by display number, description, and computer name | ||
| DATEDIFF(DAY, MIN(evt.DateTime), MAX(evt.DateTime)) + 1 AS DaysOfData -- Calculates the span of days between the earliest and latest event dates for each group | ||
| FROM | ||
| Event.vEvent AS evt -- From the main events table | ||
| INNER JOIN | ||
| Event.vEventDetail AS evtd -- Joined with event details on EventOriginId | ||
| ON evt.EventOriginId = evtd.EventOriginId | ||
| INNER JOIN | ||
| vEventLoggingComputer AS evtlc -- Joined with the event logging computer table on LoggingComputerRowId | ||
| ON evt.LoggingComputerRowId = evtlc.EventLoggingComputerRowId | ||
| GROUP BY | ||
| evt.EventDisplayNumber, -- Groups the results by event display number, | ||
| evtd.RawDescription, -- raw event description, | ||
| evtlc.ComputerName -- and computer name | ||
| ORDER BY | ||
| TotalEvents DESC -- Orders the results by the total number of events, in descending order |