Examples of 22

Log Name:       Microsoft-Windows-Sysmon/Operational
Source:         Microsoft-Windows-Sysmon
Date:           4/15/2021 1:07:01 PM
Event ID:       22
Task Category: Dns query (rule: DnsQuery)
Level:          Information
Keywords:      
User:           SYSTEM
Computer:       w19-ex-111.Win2019.local
Description: Dns query:
RuleName: -
UtcTime: 2021-04-15 20:06:58.876
ProcessGuid: {ff9115ad-7aff-6078-4000-000000002c00}
ProcessId: 3292
QueryName: w19-sc-114.win2019.local
QueryStatus: 0
QueryResults: ::ffff:10.42.1.114;
Image: C:\Program Files\Supercharger Controller\Mtg.Supercharger.ControllerService.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
    <EventID>22</EventID>
    <Version>5</Version>
    <Level>4</Level>
    <Task>22</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2021-04-15T20:07:01.007242000Z" />
    <EventRecordID>8954</EventRecordID>
    <Correlation />
    <Execution ProcessID="3500" ThreadID="1904" />
    <Channel>Microsoft-Windows-Sysmon/Operational</Channel>
    <Computer>w19-ex-111.Win2019.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">2021-04-15 20:06:58.876</Data>
    <Data Name="ProcessGuid">{ff9115ad-7aff-6078-4000-000000002c00}</Data>
    <Data Name="ProcessId">3292</Data>
    <Data Name="QueryName"> w19-ex-111.win2019.local</Data>
    <Data Name="QueryStatus">0</Data>
    <Data Name="QueryResults">::ffff:10.42.1.114;</Data>
    <Data Name="Image">C:\Program Files\Supercharger Controller\Mtg.Supercharger.ControllerService.exe</Data>
  </EventData>
</Event>

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection