Event Log Entry Count By Severity

less than 1 minute read

Visualizing the count of Event Log events on a computer can be helpful in some cases:

starting to investigate an issue - does the issue coincide with an increase in Event Log activity?
deploying a change - did the change result in an increase in Event Log activity?

This is a very broad look, but can help get to the next questions, such as:

What events are responsible for the increase?
When did the increase occur?
How does the increase relate to the issue?

// Count the Event Log Entries by Severity (Info, Warning, Error)
Event
| where TimeGenerated > ago(10d)
| where Computer == 'myComputerName'
| summarize count() by EventLevelName, bin(TimeGenerated, 1h)
| render timechart 

Find MIM Active Workflow Definitions

less than 1 minute read

Need to find the workflow definitions that are actually configured to be active? It’s a good way to find configuration bloat that could be cleaned up.

Calling the MFA SDK with PowerShell Invoke-Command

2 minute read

Had a fun question to answer the other day, “How many users have OAuth tokens?”.

Query the MIM Service Database for Group Membership

1 minute read

Got a MIM Service database backup? You should. Got it configured in Azure with a retention policy? Got it encrypted?

Add IP Addresses to a Firewall Rule

1 minute read

Some of our services are locked down with a list of approved IP addresses. It can be a pain to manage sometimes using the firewall UX so this snippet comes ...

Craig Martin

Event Log Entry Count By Severity

You May Also Enjoy

Find MIM Active Workflow Definitions

Calling the MFA SDK with PowerShell Invoke-Command

Query the MIM Service Database for Group Membership

Add IP Addresses to a Firewall Rule