Query Details

Security Log File Cleared

Query

//Computers where the Security log file has been cleared

search in (SecurityEvent) EventID == 1102 
| summarize LogClearedCount = count() by Computer | limit 500000

Explanation

This query searches for computers where the Security log file has been cleared (event ID 1102 in the SecurityEvent table). It counts how many times the log was cleared on each computer and limits the results to 500,000 rows.
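
A variant for triage, added here as an example and not part of the original query: it reads the table directly instead of using `search in`, and reports when each computer's log was cleared and by which accounts. It assumes the standard SecurityEvent columns TimeGenerated and Account; the 7-day lookback and the output column names are arbitrary choices.

```kusto
// Added example: the same detection with time and account context.
// Assumes the standard SecurityEvent columns TimeGenerated and Account.
SecurityEvent
| where TimeGenerated > ago(7d)          // lookback window is an assumption, adjust to retention
| where EventID == 1102                   // Security audit log cleared
| summarize LogClearedCount = count(),
            FirstCleared = min(TimeGenerated),
            LastCleared = max(TimeGenerated),
            ClearedBy = make_set(Account) // distinct accounts recorded on the clear events
    by Computer
| order by LogClearedCount desc
```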

Details


Rod Trent

Released: May 25, 2021

Tables

SecurityEvent

Keywords

Computers, SecurityEvent, EventID, LogClearedCount, Computer

Operators

search in EventID == 1102 | summarize LogClearedCount = count() by Computer | limit 500000
