Mirrors/marcredhat-kql
1
0
Fork 0
mirror of https://github.com/marcredhat/kql synced 2026-06-08 21:27:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
23cbaa9c08e081cbfa54c7ec8959f1d4fc78d7b4
marcredhat-kql/reports/debug_pq.log
T

31 lines
2.0 KiB
Plaintext
Raw Blame History

/Users/marc.chisinevski/.venvs/azcli/lib/python3.9/site-packages/urllib3/__init__.py:35: NotOpenSSLWarning: urllib3 v2 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'LibreSSL 2.8.3'. See: https://github.com/urllib3/urllib3/issues/3020
warnings.warn(
================================================================================
# any serverHost=kql-proof
query: serverHost='kql-proof' | columns event_type, UserPrincipalName, ts_epoch_ms | limit 5
status=success matching=0.0 rows=0 took=8.7s
================================================================================
# count by event_type
query: serverHost='kql-proof' | group n=count() by event_type
status=success matching=0.0 rows=0 took=7.0s
================================================================================
# SigninLogs by user
query: serverHost='kql-proof' event_type='SigninLogs' | group n=count() by UserPrincipalName
status=success matching=0.0 rows=0 took=7.4s
================================================================================
# SigninLogs min/max ts_epoch_ms
query: serverHost='kql-proof' event_type='SigninLogs' | group mn=min(ts_epoch_ms), mx=max(ts_epoch_ms), n=count()
status=success matching=0.0 rows=0 took=4.1s
================================================================================
# recent SigninLogs (no time filter)
query: serverHost='kql-proof' event_type='SigninLogs' Location='RU' | columns UserPrincipalName, Location | limit 10
status=success matching=0.0 rows=0 took=3.7s
================================================================================
# SecurityEvent EventID column type
query: serverHost='kql-proof' event_type='SecurityEvent' | columns EventID, NewProcessName | limit 5
status=success matching=0.0 rows=0 took=3.3s
================================================================================
# Audit OperationName
query: serverHost='kql-proof' event_type='AuditLogs' | columns OperationName | limit 10
status=success matching=0.0 rows=0 took=3.5s
Reference in New Issue View Git Blame Copy Permalink