Property | Description |
---|---|
Computer | Name of the computer that the event was collected from. |
EventCategory | Category of the event. |
EventData | All event data in raw format. |
EventID | Number of the event. |
EventLevel | Severity of the event in numeric form. |
EventLevelName | Severity of the event in text form. |
EventLog | Name of the event log that the event was collected from. |
ParameterXml | Event parameter values in XML format. |
ManagementGroupName | Name of the management group for System Center Operations Manager agents. For other agents, this value is AOI-<workspace ID>. |
RenderedDescription | Event description with parameter values. |
Source | Source of the event. |
SourceSystem | Type of agent the event was collected from. OpsManager: Windows agent, either direct connect or Operations Manager managed; Linux: all Linux agents; AzureStorage: Azure Diagnostics. |
TimeGenerated | Date and time the event was created in Windows. |
UserName | User name of the account that logged the event. |

Query | Description |
---|---|
`Event` | All Windows events. |
`Event \| where EventLevelName == 'error'` | All Windows events with severity of error. |
`Event \| summarize count() by Source` | Count of Windows events by source. |
`Event \| where EventLevelName == 'error' \| summarize count() by Source` | Count of Windows error events by source. |