Is there a certain query or a way for me to include the total event count for a specified time frame seen in ESM within a report? I am not looking for details of the events - just a number of all events for the time period. I've tried to use the "count" query in ESM, but that gives a line item for each device / data source. I've also tried selecting ESM as the device in the filter and setting the query limit, but no go.
Basically the screen view of a Summary query includes the total event count in the upper right corner based on your time and device selection but that total count does not show up in a report that I can see. If you can get away it, looks like you only have the choice of either a screenshot/printing a PDF of the ESM "Default Summary" -> "Event Summary" window section which does report the total count.
If you have a dashboard set up with the information you would like to include with the report you may choose to create a report as a dashboard report. It's a way to turn any dashboard into a pdf report that can be retrieved. Alternatively when creating the report you can use a similar query as any of the event count bars in the dashboard. IE SUM* should show total event counts.