XML Query Select After Date
I've been browsing around various forums trying to figure out how to restrict Windows Event Log XML queries to a specific date range, but it seems XML doesn't play nicely with it. The query I have set is:

<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">
      *[System[Provider[@Name='Microsoft-Windows-Folder Redirection']
      and (Level=2)]]
    </Select>
  </Query>
</QueryList>

Basically I'm trying to find out how to limit the query to X amount of days ago and forward. I'm trying to find computers where the above error may present a problem, and if it flagged the error a year ago or something, that doesn't help me.

Can anyone give me a little direction on this?
Try this:

<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">
      *[System[Provider[@Name='Application Hang'] and (Level=2) and (TimeCreated[timediff(@SystemTime) &lt;= 86400000])]]
    </Select>
  </Query>
</QueryList>

This will limit it to events created in the last day (i.e. the last 86,400,000 milliseconds). I changed the provider name to Application Hang since I don't have any errors to test against for Microsoft-Windows-Folder Redirection, so change that.

If you need to go further than 1 day, use this formula to get the milliseconds:
(days) * 24 * 60 * 60 * 1000 = (milliseconds)
Reference: https://msdn.microsoft.com/en-us/library/dd996910(vs.85).aspx#limitations
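
The query above, built for an arbitrary number of days and run against several machines with Get-WinEvent. This is an added example, not part of the original answer; the function name New-EventAgeQuery and the host names are hypothetical.

```powershell
# Added example. New-EventAgeQuery and the host names are hypothetical.
function New-EventAgeQuery {
    param(
        # Restrict to characters that cannot break out of the quoted XPath string or the XML
        [Parameter(Mandatory)] [ValidatePattern('^[\w .\-]+$')]  [string] $ProviderName,
        [ValidatePattern('^[\w .\-/]+$')] [string] $LogName = 'Application',
        [ValidateRange(1, 3650)] [int] $Days  = 1,
        [ValidateRange(1, 5)]    [int] $Level = 2
    )
    # (days) * 24 * 60 * 60 * 1000 = (milliseconds)
    # [long] keeps the result an integer past ~24 days (Int32 max is 2,147,483,647)
    $ms = [long]$Days * 24 * 60 * 60 * 1000

    # "<=" must be written as "&lt;=" because the XPath sits inside an XML document
    [xml]@"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">
      *[System[Provider[@Name='$ProviderName'] and (Level=$Level) and
        TimeCreated[timediff(@SystemTime) &lt;= $ms]]]
    </Select>
  </Query>
</QueryList>
"@
}

$query     = New-EventAgeQuery -ProviderName 'Microsoft-Windows-Folder Redirection' -Days 7
$computers = 'PC-EXAMPLE-01', 'PC-EXAMPLE-02'   # constructed host names

foreach ($computer in $computers) {
    try {
        # Get-WinEvent returns the newest events first
        $events = @(Get-WinEvent -ComputerName $computer -FilterXml $query -ErrorAction Stop)
        [pscustomobject]@{ Computer = $computer; Count = $events.Count
                           Latest = $events[0].TimeCreated; Status = 'Errors found' }
    }
    catch {
        # An empty result is reported as an error, so separate it from real failures
        $status = if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { 'Clean' }
                  else { "Query failed: $($_.Exception.Message)" }
        [pscustomobject]@{ Computer = $computer; Count = 0; Latest = $null; Status = $status }
    }
}
```

A machine that is unreachable shows up as "Query failed" rather than "Clean", so an offline host is not mistaken for one without the error.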