Checking the size of the logs (after 7.1)

List and order table starting from the highest count of log types.

Written by Ines

Last published at: February 11th, 2022

Query Description

List and order table starting from the highest count of log types.

Info

For the versions prior to 7.1 please click [HERE]


Query Results



Query

SELECT 

'LogTypeName'=CASE

 

WHEN LogType = 0 THEN 'DeviceInventory'

WHEN LogType = 1 THEN 'Connect'

WHEN LogType = 2 THEN 'Disconnect'

WHEN LogType = 3 THEN 'Lock'

WHEN LogType = 4 THEN 'Unlock'

WHEN LogType = 5 THEN 'UnlockAttemptFail'

WHEN LogType = 6 THEN 'GuiStart'

WHEN LogType = 7 THEN 'GuiEnd'

WHEN LogType = 8 THEN 'DeviceLogin'

WHEN LogType = 9 THEN 'DeviceLogoff'

WHEN LogType = 10 THEN 'ConnectorLogin'

WHEN LogType = 11 THEN 'ConnectorLogoff'

WHEN LogType = 12 THEN 'ConnectorResourceList'

WHEN LogType = 13 THEN 'ConnectorErrors'

WHEN LogType = 14 THEN 'ResourceLaunch'

WHEN LogType = 15 THEN 'ResourceEnd'

WHEN LogType = 16 THEN 'ResourceLaunchFail'

WHEN LogType = 17 THEN 'ActiveProfile'

WHEN LogType = 18 THEN 'BrowserLinkSelect'

WHEN LogType = 19 THEN 'LdapPasswordChange'

WHEN LogType = 20 THEN 'PowerAction'

WHEN LogType = 21 THEN 'SecurityCentreStatus'

WHEN LogType = 22 THEN 'WindowsUpdateStatus'

WHEN LogType = 23 THEN 'WindowsFirewallStatus'

WHEN LogType = 24 THEN 'WifiAdapterStatus'

WHEN LogType = 25 THEN 'VMDetectionStatus'

WHEN LogType = 26 THEN 'ProcessActionApply'

WHEN LogType = 27 THEN 'ProcessActionRelease'

WHEN LogType = 28 THEN 'LocalApplicationLaunch'

WHEN LogType = 29 THEN 'AEPAllow'

WHEN LogType = 30 THEN 'AEPDeny'

WHEN LogType = 31 THEN 'SessionActionApply'

WHEN LogType = 32 THEN 'SessionActionRelease'

WHEN LogType = 33 THEN 'SEPStop'

WHEN LogType = 34 THEN 'SEPNotify'

WHEN LogType = 35 THEN 'ValidationToolResult'

WHEN LogType = 36 THEN 'DeviceInventoryInstalledWindowsUpdate'

WHEN LogType = 37 THEN 'UrlBlocked'

WHEN LogType = 38 THEN 'UsbDeny'

WHEN LogType = 39 THEN 'SEPStart'

WHEN LogType = 40 THEN 'AMPBlocked'

WHEN LogType = 41 THEN 'DEPBlocked'

WHEN LogType = 42 THEN 'AuthSuccess'

WHEN LogType = 43 THEN 'AuthFail'

 

END,Logtype,COUNT(LogType) AS 'Count'

 

FROM LogsEvent

 

GROUP BY LogType

 

ORDER BY 'Count' DESC