How do you query an application log for multiple event codes and then organize them in a report based on what codes were seen?
I'm searching 40+ server application logs for backup exec codes and based upon success (34112 or 57755) or failure (34113 or 34114) Output the count to either a success or failure column organized by host name.
I know a way (though probably not the best way) to do either a success or failure, but not how to combine.
What I've got so far is sourcetype="WMI:WinEventLog:Application" EventCode=57755 OR 34112 | stats count by tag, host | rename count as Success
It works, but is only looking for instances when thing went correctly.