When Events have subevents, fields need to be rescanned
PrzemyslawKlys opened this issue · 0 comments
PrzemyslawKlys commented
When Events have subevents, fields need to be rescanned and merged together
```powershell
AzureSynchronizationObjects = @{
    Enabled                 = $true
    EventsRunProfile        = @{
        Enabled     = $true
        Events      = 6946
        LogName     = 'Application'
        IgnoreWords = @{}
        Fields      = [ordered] @{
            'Computer'           = 'AD Connect Server'
            'Action'             = 'Action'
            #'Who'               = 'Who'
            'Date'               = 'When'
            #'ObjectAffected'    = 'User Affected'
            'LevelDisplayName'   = 'Level'
            'TaskDisplayName'    = 'Task'
            'NoNameA1'           = 'Profile Run'
            'KeywordDisplayName' = 'Keywords1'
            # Common Fields
            'ID'                 = 'Event ID'
            'RecordID'           = 'Record ID'
            'GatheredFrom'       = 'Gathered From'
            'GatheredLogName'    = 'Gathered LogName'
        }
        SortBy      = 'When'
    }
    EventsInternalConnector = @{
        Enabled     = $true
        Events      = 6946
        LogName     = 'Application'
        IgnoreWords = @{}
        Filter      = @{
            'Action' = 'Internal Connector run settings:'
        }
        Fields      = [ordered] @{
            'Computer'           = 'AD Connect Server'
            'Action'             = 'Action'
            #'Who'               = 'Who'
            'Date'               = 'When'
            #'ObjectAffected'    = 'User Affected'
            'LevelDisplayName'   = 'Level'
            'TaskDisplayName'    = 'Task'
            'NoNameB1'           = 'NoNameB1'
            'NoNameB2'           = 'NoNameB2'
            'NoNameB3'           = 'NoNameB3'
            'NoNameB4'           = 'NoNameB4'
            'NoNameB5'           = 'NoNameB5'
            'NoNameB6'           = 'NoNameB6'
            'NoNameB7'           = 'NoNameB7'
            'NoNameB8'           = 'NoNameB8'
            'KeywordDisplayName' = 'Keywords1'
            # Common Fields
            'ID'                 = 'Event ID'
            'RecordID'           = 'Record ID'
            'GatheredFrom'       = 'Gathered From'
            'GatheredLogName'    = 'Gathered LogName'
        }
        SortBy      = 'When'
    }
}
```
This will only show fields from Subevents first, and not the other.