
win event summary

Total Windows Events

sourcetype="whatever"  | stats count

Non-Login Windows Events

sourcetype="whatever"  EventCode!=4624  EventCode!=4625  EventCode!=4634 | eval fc=EventCode.":".name | timechart limit=30 span=2h count(EventCode) by fc

sourcetype is the Windows Security event log sent by the Splunk forwarding agent on a DC