Skip to content

Commit 912f3f5

Browse files
RobRob
authored andcommitted
new notebook
1 parent 02a68ae commit 912f3f5

File tree

1 file changed

+299
-0
lines changed

1 file changed

+299
-0
lines changed
Lines changed: 299 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,299 @@
1+
{
2+
"metadata": {
3+
"kernelspec": {
4+
"name": "SQL",
5+
"display_name": "SQL",
6+
"language": "sql"
7+
},
8+
"language_info": {
9+
"name": "sql",
10+
"version": ""
11+
}
12+
},
13+
"nbformat_minor": 2,
14+
"nbformat": 4,
15+
"cells": [
16+
{
17+
"cell_type": "markdown",
18+
"source": [
19+
"# Logins per day from Extended Event session\r\n",
20+
"\r\n",
21+
"This will get the logins per day from the Extended Event session created with https://gist.github.com/SQLDBAWithABeard/07091a0a0e07d64933c15a36b102f9db\r\n",
22+
""
23+
],
24+
"metadata": {
25+
"azdata_cell_guid": "8f4b976d-c4ee-4faa-ad32-74058511e0e2"
26+
}
27+
},
28+
{
29+
"cell_type": "code",
30+
"source": [
31+
"SELECT CAST(GetDate() AS nvarchar(20)) AS 'Execution Time'"
32+
],
33+
"metadata": {
34+
"azdata_cell_guid": "51224cac-608a-4f6d-84e0-eeeb23e25177"
35+
},
36+
"outputs": [
37+
{
38+
"output_type": "display_data",
39+
"data": {
40+
"text/html": "(1 row affected)"
41+
},
42+
"metadata": {}
43+
},
44+
{
45+
"output_type": "display_data",
46+
"data": {
47+
"text/html": "Total execution time: 00:00:00.116"
48+
},
49+
"metadata": {}
50+
},
51+
{
52+
"output_type": "execute_result",
53+
"metadata": {},
54+
"execution_count": 1,
55+
"data": {
56+
"application/vnd.dataresource+json": {
57+
"schema": {
58+
"fields": [
59+
{
60+
"name": "Execution Time"
61+
}
62+
]
63+
},
64+
"data": [
65+
{
66+
"0": "Apr 3 2020 2:41PM"
67+
}
68+
]
69+
},
70+
"text/html": "<table><tr><th>Execution Time</th></tr><tr><td>Apr 3 2020 2:41PM</td></tr></table>"
71+
}
72+
}
73+
],
74+
"execution_count": 1
75+
},
76+
{
77+
"cell_type": "code",
78+
"source": [
79+
"SELECT\r\n",
80+
" CAST(n.value('(@timestamp)[1]', 'datetime2') AS Date) AS LoginDate,\r\n",
81+
" n.value('(@timestamp)[1]', 'datetime2') AS [utc_timestamp],\r\n",
82+
" n.value('(action[@name=\"session_nt_username\"]/value)[1]', 'nvarchar(128)') as nt_username,\r\n",
83+
" n.value('(action[@name=\"client_hostname\"]/value)[1]', 'nvarchar(128)') as client_hostname\r\n",
84+
"INTO #tempxeresults\r\n",
85+
"from (select cast(event_data as XML) as event_data\r\n",
86+
"from sys.fn_xe_file_target_read_file('MonitorWindowsLogins*.xel', null, null, null)) ed\r\n",
87+
"cross apply ed.event_data.nodes('event') as q(n)\r\n",
88+
"\r\n",
89+
"BEGIN TRY\r\n",
90+
"SELECT \r\n",
91+
"LoginDate\r\n",
92+
",COUNT(DISTINCT nt_username) AS NumberOfLogins\r\n",
93+
"FROM #tempxeresults \r\n",
94+
"GROUP BY LoginDate\r\n",
95+
"ORDER BY LoginDate\r\n",
96+
"\r\n",
97+
"SELECT \r\n",
98+
"LoginDate\r\n",
99+
",nt_username\r\n",
100+
",COUNT(nt_username) AS NumberOfLogins\r\n",
101+
"FROM #tempxeresults \r\n",
102+
"GROUP BY LoginDate,nt_username\r\n",
103+
"ORDER BY LoginDate,COUNT(nt_username) DESC\r\n",
104+
"\r\n",
105+
"DROP TABLE #tempxeresults\r\n",
106+
"END TRY\r\n",
107+
"BEGIN CATCH\r\n",
108+
"\r\n",
109+
"DROP TABLE #tempxeresults\r\n",
110+
"END CATCH"
111+
],
112+
"metadata": {
113+
"azdata_cell_guid": "5099c3f6-34f3-40b1-8d00-133535dd0a70",
114+
"tags": []
115+
},
116+
"outputs": [
117+
{
118+
"output_type": "display_data",
119+
"data": {
120+
"text/html": "(4488 rows affected)"
121+
},
122+
"metadata": {}
123+
},
124+
{
125+
"output_type": "display_data",
126+
"data": {
127+
"text/html": "(2 rows affected)"
128+
},
129+
"metadata": {}
130+
},
131+
{
132+
"output_type": "display_data",
133+
"data": {
134+
"text/html": "(19 rows affected)"
135+
},
136+
"metadata": {}
137+
},
138+
{
139+
"output_type": "display_data",
140+
"data": {
141+
"text/html": "Total execution time: 00:00:09.864"
142+
},
143+
"metadata": {}
144+
},
145+
{
146+
"output_type": "execute_result",
147+
"metadata": {},
148+
"execution_count": 2,
149+
"data": {
150+
"application/vnd.dataresource+json": {
151+
"schema": {
152+
"fields": [
153+
{
154+
"name": "LoginDate"
155+
},
156+
{
157+
"name": "NumberOfLogins"
158+
}
159+
]
160+
},
161+
"data": [
162+
{
163+
"0": "2020-04-02",
164+
"1": "10"
165+
},
166+
{
167+
"0": "2020-04-03",
168+
"1": "9"
169+
}
170+
]
171+
},
172+
"text/html": "<table><tr><th>LoginDate</th><th>NumberOfLogins</th></tr><tr><td>2020-04-02</td><td>10</td></tr><tr><td>2020-04-03</td><td>9</td></tr></table>"
173+
}
174+
},
175+
{
176+
"output_type": "execute_result",
177+
"metadata": {},
178+
"execution_count": 2,
179+
"data": {
180+
"application/vnd.dataresource+json": {
181+
"schema": {
182+
"fields": [
183+
{
184+
"name": "LoginDate"
185+
},
186+
{
187+
"name": "nt_username"
188+
},
189+
{
190+
"name": "NumberOfLogins"
191+
}
192+
]
193+
},
194+
"data": [
195+
{
196+
"0": "2020-04-02",
197+
"1": "THEBEARD\\gsartori",
198+
"2": "1130"
199+
},
200+
{
201+
"0": "2020-04-02",
202+
"1": "THEBEARD\\gfritchey",
203+
"2": "218"
204+
},
205+
{
206+
"0": "2020-04-02",
207+
"1": "THEBEARD\\akamman",
208+
"2": "80"
209+
},
210+
{
211+
"0": "2020-04-02",
212+
"1": "THEBEARD\\clemaire",
213+
"2": "70"
214+
},
215+
{
216+
"0": "2020-04-02",
217+
"1": "THEBEARD\\smelton",
218+
"2": "29"
219+
},
220+
{
221+
"0": "2020-04-02",
222+
"1": "THEBEARD\\alevy",
223+
"2": "24"
224+
},
225+
{
226+
"0": "2020-04-02",
227+
"1": "THEBEARD\\fatherjack",
228+
"2": "24"
229+
},
230+
{
231+
"0": "2020-04-02",
232+
"1": "THEBEARD\\csilva",
233+
"2": "22"
234+
},
235+
{
236+
"0": "2020-04-02",
237+
"1": "THEBEARD\\jamrtin",
238+
"2": "18"
239+
},
240+
{
241+
"0": "2020-04-02",
242+
"1": "THEBEARD\\SQL2017N5$",
243+
"2": "2"
244+
},
245+
{
246+
"0": "2020-04-03",
247+
"1": "THEBEARD\\gsartori",
248+
"2": "1961"
249+
},
250+
{
251+
"0": "2020-04-03",
252+
"1": "THEBEARD\\gfritchey",
253+
"2": "400"
254+
},
255+
{
256+
"0": "2020-04-03",
257+
"1": "THEBEARD\\clemaire",
258+
"2": "172"
259+
},
260+
{
261+
"0": "2020-04-03",
262+
"1": "THEBEARD\\akamman",
263+
"2": "170"
264+
},
265+
{
266+
"0": "2020-04-03",
267+
"1": "THEBEARD\\fatherjack",
268+
"2": "52"
269+
},
270+
{
271+
"0": "2020-04-03",
272+
"1": "THEBEARD\\alevy",
273+
"2": "36"
274+
},
275+
{
276+
"0": "2020-04-03",
277+
"1": "THEBEARD\\csilva",
278+
"2": "30"
279+
},
280+
{
281+
"0": "2020-04-03",
282+
"1": "THEBEARD\\smelton",
283+
"2": "26"
284+
},
285+
{
286+
"0": "2020-04-03",
287+
"1": "THEBEARD\\jamrtin",
288+
"2": "24"
289+
}
290+
]
291+
},
292+
"text/html": "<table><tr><th>LoginDate</th><th>nt_username</th><th>NumberOfLogins</th></tr><tr><td>2020-04-02</td><td>THEBEARD\\gsartori</td><td>1130</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\gfritchey</td><td>218</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\akamman</td><td>80</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\clemaire</td><td>70</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\smelton</td><td>29</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\alevy</td><td>24</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\fatherjack</td><td>24</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\csilva</td><td>22</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\jamrtin</td><td>18</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\SQL2017N5$</td><td>2</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\gsartori</td><td>1961</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\gfritchey</td><td>400</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\clemaire</td><td>172</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\akamman</td><td>170</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\fatherjack</td><td>52</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\alevy</td><td>36</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\csilva</td><td>30</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\smelton</td><td>26</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\jamrtin</td><td>24</td></tr></table>"
293+
}
294+
}
295+
],
296+
"execution_count": 2
297+
}
298+
]
299+
}

0 commit comments

Comments
 (0)