Find strings like 'jon' or 'dave' in the exported security event log(s) held in C:\TEMP\Logs
SELECT * INTO C:\TEMP\Output\output.csv
FROM C:\TEMP\Logs\*
WHERE TimeWritten > TIMESTAMP('2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss')
  AND SourceName = 'Microsoft-Windows-Security-Auditing'
  AND (Strings LIKE '%jon%' OR Strings LIKE '%dave%')