Query Details

Sys Log Daemon

Query

// Syslog daemon activity: which processes on which hosts are logging under the "daemon" facility
Syslog
| where Facility == "daemon"          // syslog facility code 3: system daemons
| summarize count() by Computer, SourceSystem, Facility, ProcessName
| sort by count_ desc                 // count_ is the column name count() produces

Explanation

This query reads the Syslog table and keeps only entries whose Facility is "daemon" (syslog facility code 3, the facility used by system daemons that do not have a facility of their own). It then groups the matching rows by Computer, SourceSystem, Facility, and ProcessName and counts the rows in each group; `count()` writes that total to a column named `count_`. Finally it sorts the groups in descending order of `count_`, so the noisiest daemon on each host appears first. Facility is kept in the grouping even though the filter fixes it to a single value; this keeps the column visible in the output and makes the query easy to widen later (for example, `Facility in ("daemon", "cron")`).
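The same filter and aggregation, applied to raw syslog lines rather than to the Syslog table, shows where the "daemon" value in the Facility column actually comes from. This is an added example and is not part of the original page or of Rod Trent's query: it parses RFC 3164 style lines, decodes the `<PRI>` header into facility and severity, and then reproduces the KQL's `where` / `summarize count() by` / `sort by count_ desc` over a handful of constructed log lines. The SourceSystem value ("Linux") is assumed constant for the constructed data, and the hostnames, PIDs and messages are made up.

```python
import re
from collections import Counter

# Syslog facility codes (RFC 3164 / RFC 5424). The Syslog table's Facility
# column carries the keyword form; "daemon" is facility code 3.
FACILITY_NAMES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}

# RFC 3164 style line: <PRI>TIMESTAMP HOST TAG[PID]: MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Constructed sample input (not real log data). Lines 0, 1, 4, 5 and 6 carry
# PRI values 24..31, i.e. facility 3 ("daemon"); 2 is authpriv, 3 is cron,
# and 7 has no PRI header at all and must be skipped, not crash the parser.
SAMPLE_LINES = [
    "<30>Jan 14 09:12:01 web01 systemd[1]: Started Session 12 of user deploy.",
    '<27>Jan 14 09:12:05 web01 dockerd[812]: time="2022-01-14T09:12:05Z" level=error msg="failed to start container"',
    "<86>Jan 14 09:12:07 web01 sshd[2219]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2",
    "<78>Jan 14 09:13:00 db01 CRON[4410]: (root) CMD (run-parts /etc/cron.hourly)",
    "<30>Jan 14 09:13:11 db01 systemd[1]: Starting Daily apt download activities...",
    "<30>Jan 14 09:13:12 web01 systemd[1]: Stopped target Timers.",
    "<29>Jan 14 09:14:00 db01 systemd-resolved[601]: Using degraded feature set UDP instead of UDP+EDNS0",
    "Jan 14 09:15:00 web01 kernel: [12345.678] usb 1-1: new high-speed USB device",
]


def parse_syslog_line(line, source_system="Linux"):
    """Turn one raw line into a dict shaped like a Syslog table row.

    Returns None for lines that do not carry a <PRI> header. The
    source_system default is an assumption for the constructed data.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    facility_code, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    return {
        "Computer": m.group("host"),
        "SourceSystem": source_system,
        "Facility": FACILITY_NAMES.get(facility_code, str(facility_code)),
        "SeverityLevel": severity,
        "ProcessName": m.group("tag"),
        "SyslogMessage": m.group("msg"),
    }


def daemon_activity(lines):
    """Equivalent of:
        Syslog
        | where Facility == "daemon"
        | summarize count() by Computer, SourceSystem, Facility, ProcessName
        | sort by count_ desc
    Returns a list of ((Computer, SourceSystem, Facility, ProcessName), count_)
    sorted by count_ descending.
    """
    counts = Counter()
    for line in lines:
        rec = parse_syslog_line(line)
        if rec is None or rec["Facility"] != "daemon":   # the KQL where clause
            continue
        key = (rec["Computer"], rec["SourceSystem"], rec["Facility"], rec["ProcessName"])
        counts[key] += 1                                 # summarize count() by ...
    return sorted(counts.items(), key=lambda kv: -kv[1])  # sort by count_ desc


if __name__ == "__main__":
    for (computer, source, facility, proc), n in daemon_activity(SAMPLE_LINES):
        print(f"{computer:<8}{source:<8}{facility:<8}{proc:<18}{n}")
```

Running it prints four groups: `web01 systemd` with a count of 2 first, then `web01 dockerd`, `db01 systemd` and `db01 systemd-resolved` with one each; the sshd (authpriv) and CRON (cron) lines never reach the aggregation, and the line with no PRI header is skipped.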

Details

Rod Trent

Released: January 14, 2022

Tables

Syslog

Keywords

Syslog,Facility,Computer,SourceSystem,ProcessName

Operators

where, summarize, by, sort by
