windows_events

Windows Event logs.

Table schema

Name            Type      Description
time            BIGINT    Timestamp the event was received
datetime        TEXT      System time at which the event occurred
source          TEXT      Source or channel of the event
provider_name   TEXT      Provider name of the event
provider_guid   TEXT      Provider guid of the event
eventid         INTEGER   Event ID of the event
task            INTEGER   Task value associated with the event
level           INTEGER   The severity level associated with the event
keywords        BIGINT    A bitmask of the keywords defined in the event
data            TEXT      Data associated with the event
eid             TEXT      Event ID

Query examples

select * from windows_events where eventid=4104 and source='Security';