We have a search in our distributed environment which we are using to collect data to summary. The problem is it takes an age to run and is skipped often. Any tips on how to increase the performance with the same results would be greatly appreciated.
... source="WinEventLog:Security" EventCode=4624 (Logon_Type=2 OR Logon_Type=10)
| eval Invoking_Account_Name = mvindex(Account_Name,0)
| eval Invoking_Domain_Name = mvindex(Account_Domain,0)
| eval Logon_Account_Name = mvindex(Account_Name,1)
| eval Logon_Domain_Name = mvindex(Account_Domain,1)
| rename host as DCName
| table DCName,Invoking_Account_Name,Invoking_Domain_Name,Logon_Type,Logon_Account_Name,Logon_Domain_Name,Process_ID,Process_Name,Workstation_Name,Source_Network_Address,Source_Port,Logon_Process,Authentication_Package,RecordNumber
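One way to cut the work this search does while keeping the same output rows, written here as an added example rather than the poster's own search; the index name `wineventlog`, the summary index name `summary_logons` and the hourly schedule are assumptions. It pins the search to one index, parenthesises the OR so the Logon_Type filter applies only to 4624 events, drops every field the report does not need before the evals run, and aligns the time window to whole hours so each scheduled run covers exactly one hour and does not overlap the previous one.

```spl
index=wineventlog source="WinEventLog:Security" EventCode=4624 (Logon_Type=2 OR Logon_Type=10) earliest=-1h@h latest=@h
| fields host, Account_Name, Account_Domain, Logon_Type, Process_ID, Process_Name, Workstation_Name, Source_Network_Address, Source_Port, Logon_Process, Authentication_Package, RecordNumber
| eval Invoking_Account_Name = mvindex(Account_Name,0), Invoking_Domain_Name = mvindex(Account_Domain,0), Logon_Account_Name = mvindex(Account_Name,1), Logon_Domain_Name = mvindex(Account_Domain,1)
| rename host as DCName
| table DCName,Invoking_Account_Name,Invoking_Domain_Name,Logon_Type,Logon_Account_Name,Logon_Domain_Name,Process_ID,Process_Name,Workstation_Name,Source_Network_Address,Source_Port,Logon_Process,Authentication_Package,RecordNumber
| collect index=summary_logons marker="report=interactive_logons"
```

Scheduling this hourly with a matching one-hour window keeps each run short enough that the scheduler is less likely to skip it, and the `marker` field lets later searches of the summary index select only rows this report wrote.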