Query Details
How Many Host Logons
Query
// Shows the count of logons per device SecurityEvent | where EventID == 4624 | summarize LogonCount = count() by Computer | where LogonCount > 10
Explanation
This query is counting the number of logons per device in a security event log. It filters for events with EventID 4624, then groups the logons by computer and counts them. Finally, it filters for devices with more than 10 logons.
Details
Rod Trent
Released: November 5, 2021
Tables
SecurityEvent
Keywords
SecurityEvent,EventID,LogonCount,Computer
Operators
where==summarizecount()bywhere>