Hi,
I defined a NIC state change on a PC to go from wired to wireless, which identifies an error for our team. However, the PCs reboot daily.
I need to exclude a daily period from 4am to 5am.
This is not excluding the daily reboots. Can the Community please provide a recommendation?
Below is the search and then the results, with the 7:49:54 entry being this error condition.
Thank you. CWCHAMBE
Search:
sourcetype="WinEventLog:Microsoft-Windows-NetworkProfile/Operational" | transaction (EventCode="10001" AND EventCode="4001" AND EventCode="10000" AND EventCode="4002") host cookie maxspan=3m maxpause=2m startswith eval(_time(>=4:00:00.000 AM) AND _time(<=5:00:00.000 AM))
Events:
2 8/17/16
4:11:50.000 AM
08/17/2016 04:11:50 AM
LogName=Microsoft-Windows-NetworkProfile/Operational
SourceName=Microsoft-Windows-NetworkProfile
EventCode=4001
EventType=4
EventCode = 10000 EventCode = 10001 EventCode = 4001 EventCode = 4002 LogName = Microsoft-Windows-NetworkProfile/Operational Message = Entered State: Identifying Network Interface Guid: {CFECA045-931A-4D9F-BD53-187591DE91D2} Message = Network Connected Name: Identifying... Desc: Identifying... Type: Unmanaged State: Connected,IPV4 (Internet),IPV6 (Local) Category: Public Message = Network Connected Name: corp.intel.com Desc: corp.intel.com Type: Managed State: Connected,IPV4 (Internet) Category: Domain Authenticated Message = Network Disconnected Name: corp.intel.com Desc: corp.intel.com Type: Managed State: Disconnected Category: Domain Authenticated Message = Transitioning to State: Identified Network Interface Guid: {CFECA045-931A-4D9F-BD53-187591DE91D2} RecordNumber = 3027 RecordNumber = 3028 RecordNumber = 3029 RecordNumber = 3030 RecordNumber = 3031 SourceName = Microsoft-Windows-NetworkProfile host = HOSTNAME source = WinEventLog:Microsoft-Windows-NetworkProfile/Operational
3 8/16/16
7:49:54.000 AM
08/16/2016 07:49:54 AM
LogName=Microsoft-Windows-NetworkProfile/Operational
SourceName=Microsoft-Windows-NetworkProfile
EventCode=4001
EventType=4
EventCode = 10000 EventCode = 10001 EventCode = 4001 EventCode = 4002 LogName = Microsoft-Windows-NetworkProfile/Operational Message = Entered State: Identifying Network Interface Guid: {CFECA045-931A-4D9F-BD53-187591DE91D2} Message = Network Connected Name: Identifying... Desc: Identifying... Type: Unmanaged State: Connected,IPV4 (Internet),IPV6 (Local) Category: Public Message = Network Connected Name: corp Desc: corp Type: Managed State: Connected,IPV4 (Internet) Category: Domain Authenticated Message = Network Disconnected Name: corp Desc: corp Type: Managed State: Disconnected Category: Domain Authenticated Message = Transitioning to State: Identified Network Interface Guid: {CFECA045-931A-4D9F-BD53-187591DE91D2} RecordNumber = 3022 RecordNumber = 3023 RecordNumber = 3024 RecordNumber = 3025 RecordNumber = 3026 SourceName = Microsoft-Windows-NetworkProfile host = HOSTNAME source = WinEventLog:Microsoft-Windows-NetworkProfile/Operational
4 8/16/16
4:34:02.000 AM
08/16/2016 04:34:02 AM
LogName=Microsoft-Windows-NetworkProfile/Operational
SourceName=Microsoft-Windows-NetworkProfile
EventCode=4001
EventType=4
EventCode = 10000 EventCode = 10001 EventCode = 4001 EventCode = 4002 LogName = Microsoft-Windows-NetworkProfile/Operational Message = Entered State: Identifying Network Interface Guid: {CFECA045-931A-4D9F-BD53-187591DE91D2} Message = Entered State: Identifying Network Interface Guid: {DF2B76DC-A476-4342-80AA-26025CCB7180} Message = Network Connected Name: Identifying... Desc: Identifying... Type: Unmanaged State: Connected Category: Public Message = Network Connected Name: Identifying... Desc: Identifying... Type: Unmanaged State: Connected,IPV4 (Internet),IPV6 (Local) Category: Public Message = Network Connected Name: corp Desc: corp Type: Managed State: Connected,IPV4 (Internet),IPV6 (Local) Category: Domain Authenticated Message = Network Disconnected Name: corp Desc: corp Type: Managed State: Disconnected Category: Domain Authenticated Message = Transitioning to State: Identified Network Interface Guid: {CFECA045-931A-4D9F-BD53-187591DE91D2} Message = Transitioning to State: Identified Network Interface Guid: {DF2B76DC-A476-4342-80AA-26025CCB7180} RecordNumber = 3014 RecordNumber = 3015 RecordNumber = 3016 RecordNumber = 3017 RecordNumber = 3018 RecordNumber = 3019 RecordNumber = 3020 RecordNumber = 3021 SourceName = Microsoft-Windows-NetworkProfile
How to edit my transaction search to exclude events between a certain daily time period (4am - 5am)?
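One way to drop transactions that begin in the daily 4 am to 5 am reboot window, as an added example that is not part of the original post: the events are grouped with `transaction` first, and the hour of each transaction's start time is tested afterwards. It assumes grouping by `host` only and that all four event codes must appear in a transaction (with the default `mvlist=false`, `EventCode` holds the distinct values, so a count of 4 means all four are present); `code_count` and `start_hour` are illustrative field names.

```spl
sourcetype="WinEventLog:Microsoft-Windows-NetworkProfile/Operational"
    (EventCode=10000 OR EventCode=10001 OR EventCode=4001 OR EventCode=4002)
| transaction host maxspan=3m maxpause=2m
| eval code_count=mvcount(EventCode)
| where code_count=4
| eval start_hour=tonumber(strftime(_time, "%H"))
| where start_hour!=4
| table _time host EventCode duration eventcount
```

The `_time` of a transaction is the timestamp of its earliest event, and `strftime` renders it in the searching user's configured time zone, so the hour test lines up with the reboot window only when that zone matches the PCs' local time.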