Forum Discussion
Ingesting Windows Radius Server logs into Azure Sentinel
Does anyone have any experience / knowledge in getting Windows Server 2012 R2 Radius Server logs, being written in ODBC format as text files, into Azure Sentinel. The online info seems to be almost n...
PeterJ_Inobits and @Anyone else finding this... query SecurityEvent in LA for where EventID == 6272 (Success) or EventID 6273 (Fail)
Sorry I'm not clear on "Anyone else finding this"? Generally you can query for multiple Event IDs, here are two methods:
SecurityEvent
| where EventID == 8008 or EventID == 8005
| summarize count() by EventID
SecurityEvent
| where EventID in(8008, 8005)
| summarize count() by EventID