By editing the XML filter query manually in Windows event viewer, I can find events where the data matches a string exactly:
<QueryList> <Query Id="0" Path="Application"> <Select Path="Application">*[EventData[Data and (Data="Session end: imzcjflrrsq1sfdk3okc4jpf")]]</Select> </Query> </QueryList>
Now, I want to do a partial match:
<QueryList> <Query Id="0" Path="Application"> <Select Path="Application">*[EventData[Data and (Data[starts-with(.,"Session")])]]</Select> </Query> </QueryList>
Event log gives me the error:
The specified query is invalid
Do I have the syntax wrong?
Click "Control Panel" > "System and Security" > "Administrative Tools", and then double-click "Event Viewer". Click to expand "Windows Logs" in the left pane, and then select "Application". Click the "Action" menu and select "Save All Events As".
Types of Event Logs: They are Information, Warning, Error, Success Audit (Security Log) and Failure Audit (Security Log). An Information event describes the successful operation of a task, such as an application, driver, or service. For example, an Information event is logged when a network driver loads successfully.
Windows Event Log supports a subset of XPath 1.0. It has only three functions: position, Band, timediff.
Reference: https://docs.microsoft.com/en-us/windows/desktop/WES/consuming-events#xpath-10-limitations
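One way to get the partial match despite that limitation, as an added example that is not part of the original question or answer: narrow the events server-side with a query the Event Log subset accepts, then apply starts-with() client-side to each event's XML. The 24-hour window, the variable names and the output columns are assumptions made for the illustration.

```powershell
# Added example: prefix match on EventData/Data, done client-side.
# Assumptions: Application log, last 24 hours, prefix 'Session'.
# The prefix must not contain a single quote, since it is placed inside an XPath literal.
$prefix = 'Session'

# Server-side filter: only constructs the Event Log XPath subset accepts,
# here an existence test on Data plus the supported timediff() function.
$serverFilter = '*[System[TimeCreated[timediff(@SystemTime) <= 86400000]] and EventData[Data]]'

# Get-WinEvent reports an error when no event matches; suppress it so an
# empty result is simply an empty collection.
$candidates = Get-WinEvent -LogName Application -FilterXPath $serverFilter -ErrorAction SilentlyContinue

# Client-side filter: the .NET XPath engine implements full XPath 1.0, so
# starts-with() is available once the event is loaded as an XML document.
# local-name() avoids registering the event schema namespace.
$clientXPath = "//*[local-name()='EventData']/*[local-name()='Data'][starts-with(., '$prefix')]"

$hits = foreach ($evt in $candidates) {
    $doc  = [xml]$evt.ToXml()
    $node = $doc.SelectSingleNode($clientXPath)
    if ($node) {
        [pscustomobject]@{
            TimeCreated = $evt.TimeCreated
            Id          = $evt.Id
            Provider    = $evt.ProviderName
            Data        = $node.InnerText
        }
    }
}

$hits | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

The server-side filter keeps the number of events pulled across small; adding a provider or event ID test to it, where known, reduces the client-side work further.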