Small change 🧷
blakedrumm authored May 8, 2024
1 parent d2ad6a3 commit 2b8374c
Showing 1 changed file with 21 additions and 16 deletions.
37 changes: 21 additions & 16 deletions SQL Queries/Data Warehouse/DW_Events_ByTotalEvents.sql
Expand Up @@ -3,11 +3,11 @@
--
-- Description:
-- This SQL script retrieves the top 100 most common events from the event logging system, providing
-- insights into the events that occur most frequently. The query returns the event display number, raw description
-- of the event, the computer name where the event was logged, and the total number of occurrences of each event.
-- Additionally, it calculates the span of days over which each event has been logged, helping identify long-running
-- or persistent issues. This query is designed to assist in identifying patterns or anomalies in event logs, particularly
-- useful in large-scale environments where understanding event noise and distribution can aid in proactive management and troubleshooting.
-- insights into the events that occur most frequently. The query returns the event display number, the rendered
-- description of the event, the computer name where the event was logged, and the total number of occurrences
-- of each event. Additionally, it calculates the span of days over which each event has been logged, helping
-- identify long-running or persistent issues. This query is especially useful in large-scale environments
-- where understanding event noise and distribution can aid in proactive management and troubleshooting.
--
-- Author: Blake Drumm (blakedrumm@microsoft.com)
-- Date Created: May 7th, 2024
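Review bot: The unchanged first line of the description still says the script "retrieves the top 100 most common events", but the same commit changes the ORDER BY to sort on DaysOfData first, so TOP 100 now returns the longest-running event groups rather than the most frequent ones. Update the description to state the new ordering, for example that results are ranked by span of days and then by total count, so that someone reading the header does not treat the output as a frequency ranking when triaging event noise.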
Expand All @@ -16,22 +16,27 @@
----------------------------------------------------------------------------------------------------------------
-- Selects the top 100 records from the result set
SELECT TOP 100
evt.EventDisplayNumber, -- Display number of the event
evtd.RenderedDescription, -- Raw description of the event
evtlc.ComputerName, -- Name of the computer logging the event
COUNT(*) AS TotalEvents, -- Total number of events aggregated by display number, description, and computer name
evt.EventDisplayNumber, -- Display number of the event
evtd.RenderedDescription, -- Rendered description of the event
evtlc.ComputerName, -- Name of the computer logging the event
COUNT(*) AS TotalEvents, -- Total number of events aggregated by display number, description, and computer name
DATEDIFF(DAY, MIN(evt.DateTime), MAX(evt.DateTime)) + 1 AS DaysOfData -- Calculates the span of days between the earliest and latest event dates for each group
FROM
Event.vEvent AS evt -- From the main events table
Event.vEvent AS evt -- From the main events table
INNER JOIN
Event.vEventDetail AS evtd -- Joined with event details on EventOriginId
Event.vEventDetail AS evtd -- Joined with event details on EventOriginId
ON evt.EventOriginId = evtd.EventOriginId
INNER JOIN
vEventLoggingComputer AS evtlc -- Joined with the event logging computer table on LoggingComputerRowId
vEventLoggingComputer AS evtlc -- Joined with the event logging computer table on LoggingComputerRowId
ON evt.LoggingComputerRowId = evtlc.EventLoggingComputerRowId
/*
WHERE
evt.DateTime > GETUTCDATE() -- Filters to include only events with dates greater than now
*/
GROUP BY
evt.EventDisplayNumber, -- Groups the results by event display number,
evtd.RenderedDescription, -- raw event description,
evtlc.ComputerName -- and computer name
evt.EventDisplayNumber,
evtd.RenderedDescription, -- Rendered event description
evtlc.ComputerName -- and computer name
ORDER BY
TotalEvents DESC -- Orders the results by the total number of events, in descending order
DaysOfData DESC, -- Orders the results by the span of days, descending
TotalEvents DESC -- and then by the total number of events, descending
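Review bot: The commented-out filter `evt.DateTime > GETUTCDATE()` in the new WHERE block keeps only events stamped later than the current UTC time, so anyone who uncomments it will get an empty or near-empty result. If the intent is a lookback window, write it as something like `evt.DateTime > DATEADD(DAY, -7, GETUTCDATE())` and make the comment name the window. Separately, with `DaysOfData DESC` as the leading sort key, a group with two events far apart outranks a group with thousands of events in one day, and TOP 100 can drop the noisiest sources entirely; confirm that this is the intended ranking. The first GROUP BY column also lost its comment while the other two kept theirs.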
