1
+ {
2
+ "metadata" : {
3
+ "kernelspec" : {
4
+ "name" : " SQL" ,
5
+ "display_name" : " SQL" ,
6
+ "language" : " sql"
7
+ },
8
+ "language_info" : {
9
+ "name" : " sql" ,
10
+ "version" : " "
11
+ }
12
+ },
13
+ "nbformat_minor" : 2 ,
14
+ "nbformat" : 4 ,
15
+ "cells" : [
16
+ {
17
+ "cell_type" : " markdown" ,
18
+ "source" : [
19
+ " # Logins per day from Extended Event session\r\n " ,
20
+ " \r\n " ,
21
+ " This will get the logins per day from the Extended Event session created with https://gist.github.com/SQLDBAWithABeard/07091a0a0e07d64933c15a36b102f9db\r\n " ,
22
+ " "
23
+ ],
24
+ "metadata" : {
25
+ "azdata_cell_guid" : " 8f4b976d-c4ee-4faa-ad32-74058511e0e2"
26
+ }
27
+ },
28
+ {
29
+ "cell_type" : " code" ,
30
+ "source" : [
31
+ " SELECT CAST(GetDate() AS nvarchar(20)) AS 'Execution Time'"
32
+ ],
33
+ "metadata" : {
34
+ "azdata_cell_guid" : " 51224cac-608a-4f6d-84e0-eeeb23e25177"
35
+ },
36
+ "outputs" : [
37
+ {
38
+ "output_type" : " display_data" ,
39
+ "data" : {
40
+ "text/html" : " (1 row affected)"
41
+ },
42
+ "metadata" : {}
43
+ },
44
+ {
45
+ "output_type" : " display_data" ,
46
+ "data" : {
47
+ "text/html" : " Total execution time: 00:00:00.116"
48
+ },
49
+ "metadata" : {}
50
+ },
51
+ {
52
+ "output_type" : " execute_result" ,
53
+ "metadata" : {},
54
+ "execution_count" : 1 ,
55
+ "data" : {
56
+ "application/vnd.dataresource+json" : {
57
+ "schema" : {
58
+ "fields" : [
59
+ {
60
+ "name" : " Execution Time"
61
+ }
62
+ ]
63
+ },
64
+ "data" : [
65
+ {
66
+ "0" : " Apr 3 2020 2:41PM"
67
+ }
68
+ ]
69
+ },
70
+ "text/html" : " <table><tr><th>Execution Time</th></tr><tr><td>Apr 3 2020 2:41PM</td></tr></table>"
71
+ }
72
+ }
73
+ ],
74
+ "execution_count" : 1
75
+ },
76
+ {
77
+ "cell_type" : " code" ,
78
+ "source" : [
79
+ " SELECT\r\n " ,
80
+ " CAST(n.value('(@timestamp)[1]', 'datetime2') AS Date) AS LoginDate,\r\n " ,
81
+ " n.value('(@timestamp)[1]', 'datetime2') AS [utc_timestamp],\r\n " ,
82
+ " n.value('(action[@name=\" session_nt_username\" ]/value)[1]', 'nvarchar(128)') as nt_username,\r\n " ,
83
+ " n.value('(action[@name=\" client_hostname\" ]/value)[1]', 'nvarchar(128)') as client_hostname\r\n " ,
84
+ " INTO #tempxeresults\r\n " ,
85
+ " from (select cast(event_data as XML) as event_data\r\n " ,
86
+ " from sys.fn_xe_file_target_read_file('MonitorWindowsLogins*.xel', null, null, null)) ed\r\n " ,
87
+ " cross apply ed.event_data.nodes('event') as q(n)\r\n " ,
88
+ " \r\n " ,
89
+ " BEGIN TRY\r\n " ,
90
+ " SELECT \r\n " ,
91
+ " LoginDate\r\n " ,
92
+ " ,COUNT(DISTINCT nt_username) AS NumberOfLogins\r\n " ,
93
+ " FROM #tempxeresults \r\n " ,
94
+ " GROUP BY LoginDate\r\n " ,
95
+ " ORDER BY LoginDate\r\n " ,
96
+ " \r\n " ,
97
+ " SELECT \r\n " ,
98
+ " LoginDate\r\n " ,
99
+ " ,nt_username\r\n " ,
100
+ " ,COUNT(nt_username) AS NumberOfLogins\r\n " ,
101
+ " FROM #tempxeresults \r\n " ,
102
+ " GROUP BY LoginDate,nt_username\r\n " ,
103
+ " ORDER BY LoginDate,COUNT(nt_username) DESC\r\n " ,
104
+ " \r\n " ,
105
+ " DROP TABLE #tempxeresults\r\n " ,
106
+ " END TRY\r\n " ,
107
+ " BEGIN CATCH\r\n " ,
108
+ " \r\n " ,
109
+ " DROP TABLE #tempxeresults\r\n " ,
110
+ " END CATCH"
111
+ ],
112
+ "metadata" : {
113
+ "azdata_cell_guid" : " 5099c3f6-34f3-40b1-8d00-133535dd0a70" ,
114
+ "tags" : []
115
+ },
116
+ "outputs" : [
117
+ {
118
+ "output_type" : " display_data" ,
119
+ "data" : {
120
+ "text/html" : " (4488 rows affected)"
121
+ },
122
+ "metadata" : {}
123
+ },
124
+ {
125
+ "output_type" : " display_data" ,
126
+ "data" : {
127
+ "text/html" : " (2 rows affected)"
128
+ },
129
+ "metadata" : {}
130
+ },
131
+ {
132
+ "output_type" : " display_data" ,
133
+ "data" : {
134
+ "text/html" : " (19 rows affected)"
135
+ },
136
+ "metadata" : {}
137
+ },
138
+ {
139
+ "output_type" : " display_data" ,
140
+ "data" : {
141
+ "text/html" : " Total execution time: 00:00:09.864"
142
+ },
143
+ "metadata" : {}
144
+ },
145
+ {
146
+ "output_type" : " execute_result" ,
147
+ "metadata" : {},
148
+ "execution_count" : 2 ,
149
+ "data" : {
150
+ "application/vnd.dataresource+json" : {
151
+ "schema" : {
152
+ "fields" : [
153
+ {
154
+ "name" : " LoginDate"
155
+ },
156
+ {
157
+ "name" : " NumberOfLogins"
158
+ }
159
+ ]
160
+ },
161
+ "data" : [
162
+ {
163
+ "0" : " 2020-04-02" ,
164
+ "1" : " 10"
165
+ },
166
+ {
167
+ "0" : " 2020-04-03" ,
168
+ "1" : " 9"
169
+ }
170
+ ]
171
+ },
172
+ "text/html" : " <table><tr><th>LoginDate</th><th>NumberOfLogins</th></tr><tr><td>2020-04-02</td><td>10</td></tr><tr><td>2020-04-03</td><td>9</td></tr></table>"
173
+ }
174
+ },
175
+ {
176
+ "output_type" : " execute_result" ,
177
+ "metadata" : {},
178
+ "execution_count" : 2 ,
179
+ "data" : {
180
+ "application/vnd.dataresource+json" : {
181
+ "schema" : {
182
+ "fields" : [
183
+ {
184
+ "name" : " LoginDate"
185
+ },
186
+ {
187
+ "name" : " nt_username"
188
+ },
189
+ {
190
+ "name" : " NumberOfLogins"
191
+ }
192
+ ]
193
+ },
194
+ "data" : [
195
+ {
196
+ "0" : " 2020-04-02" ,
197
+ "1" : " THEBEARD\\ gsartori" ,
198
+ "2" : " 1130"
199
+ },
200
+ {
201
+ "0" : " 2020-04-02" ,
202
+ "1" : " THEBEARD\\ gfritchey" ,
203
+ "2" : " 218"
204
+ },
205
+ {
206
+ "0" : " 2020-04-02" ,
207
+ "1" : " THEBEARD\\ akamman" ,
208
+ "2" : " 80"
209
+ },
210
+ {
211
+ "0" : " 2020-04-02" ,
212
+ "1" : " THEBEARD\\ clemaire" ,
213
+ "2" : " 70"
214
+ },
215
+ {
216
+ "0" : " 2020-04-02" ,
217
+ "1" : " THEBEARD\\ smelton" ,
218
+ "2" : " 29"
219
+ },
220
+ {
221
+ "0" : " 2020-04-02" ,
222
+ "1" : " THEBEARD\\ alevy" ,
223
+ "2" : " 24"
224
+ },
225
+ {
226
+ "0" : " 2020-04-02" ,
227
+ "1" : " THEBEARD\\ fatherjack" ,
228
+ "2" : " 24"
229
+ },
230
+ {
231
+ "0" : " 2020-04-02" ,
232
+ "1" : " THEBEARD\\ csilva" ,
233
+ "2" : " 22"
234
+ },
235
+ {
236
+ "0" : " 2020-04-02" ,
237
+ "1" : " THEBEARD\\ jamrtin" ,
238
+ "2" : " 18"
239
+ },
240
+ {
241
+ "0" : " 2020-04-02" ,
242
+ "1" : " THEBEARD\\ SQL2017N5$" ,
243
+ "2" : " 2"
244
+ },
245
+ {
246
+ "0" : " 2020-04-03" ,
247
+ "1" : " THEBEARD\\ gsartori" ,
248
+ "2" : " 1961"
249
+ },
250
+ {
251
+ "0" : " 2020-04-03" ,
252
+ "1" : " THEBEARD\\ gfritchey" ,
253
+ "2" : " 400"
254
+ },
255
+ {
256
+ "0" : " 2020-04-03" ,
257
+ "1" : " THEBEARD\\ clemaire" ,
258
+ "2" : " 172"
259
+ },
260
+ {
261
+ "0" : " 2020-04-03" ,
262
+ "1" : " THEBEARD\\ akamman" ,
263
+ "2" : " 170"
264
+ },
265
+ {
266
+ "0" : " 2020-04-03" ,
267
+ "1" : " THEBEARD\\ fatherjack" ,
268
+ "2" : " 52"
269
+ },
270
+ {
271
+ "0" : " 2020-04-03" ,
272
+ "1" : " THEBEARD\\ alevy" ,
273
+ "2" : " 36"
274
+ },
275
+ {
276
+ "0" : " 2020-04-03" ,
277
+ "1" : " THEBEARD\\ csilva" ,
278
+ "2" : " 30"
279
+ },
280
+ {
281
+ "0" : " 2020-04-03" ,
282
+ "1" : " THEBEARD\\ smelton" ,
283
+ "2" : " 26"
284
+ },
285
+ {
286
+ "0" : " 2020-04-03" ,
287
+ "1" : " THEBEARD\\ jamrtin" ,
288
+ "2" : " 24"
289
+ }
290
+ ]
291
+ },
292
+ "text/html": "<table><tr><th>LoginDate</th><th>nt_username</th><th>NumberOfLogins</th></tr><tr><td>2020-04-02</td><td>THEBEARD\\gsartori</td><td>1130</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\gfritchey</td><td>218</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\akamman</td><td>80</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\clemaire</td><td>70</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\smelton</td><td>29</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\alevy</td><td>24</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\fatherjack</td><td>24</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\csilva</td><td>22</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\jamrtin</td><td>18</td></tr><tr><td>2020-04-02</td><td>THEBEARD\\SQL2017N5$</td><td>2</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\gsartori</td><td>1961</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\gfritchey</td><td>400</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\clemaire</td><td>172</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\akamman</td><td>170</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\fatherjack</td><td>52</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\alevy</td><td>36</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\csilva</td><td>30</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\smelton</td><td>26</td></tr><tr><td>2020-04-03</td><td>THEBEARD\\jamrtin</td><td>24</td></tr></table>"
293
+ }
294
+ }
295
+ ],
296
+ "execution_count" : 2
297
+ }
298
+ ]
299
+ }
0 commit comments