CMPivot usage

Duchemin, Dominique 2,011 Reputation points
2023-05-16T22:16:42.1733333+00:00

Hello,

Is it possible to combine some WinEvent with some EventLog? I am asking because in old operating systems the events were in EventLog only...

WinEvent('Microsoft-Windows-Windows Defender/operational', 7d) | where (ID == 1000 or ID == 1001)

OR

EventLog('System') | where (ID == 1000 or ID == 1001)

Thanks,

Dom

Microsoft Security | Intune | Configuration Manager | Other

Answer accepted by question author
  1. AllenLiu-MSFT 49,436 Reputation points Microsoft External Staff
    2023-05-17T06:21:37.53+00:00

    Hi, @Duchemin, Dominique

    Thank you for posting in Microsoft Q&A forum.

    First, the command for EventLog should be:

    EventLog('System') | where (EventID == 1000 or EventID == 1001)

    Then, I think we cannot combine WinEvent with EventLog; they even return different column lists.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".
