MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.
WEVTUTIL queries
It is possible to query the event log in Windows Vista using the WEVTUTIL command line tool, passing any arbitrarily complex query. Unfortunately, the syntax needed by the query command line parameter (/q) doesn't seem to be documented (I was searching for this syntax when I got my own article back). Thanks to Ted Barnes for the question.

I've found that the simplest way to get the search query is to let Vista do the heavy lifting for you. First, create a filter, as shown below


Then, save the filter to a custom view


Bring up the properties of this custom view


And edit the filter


Apply whatever filter you need


And then copy the text of the Select element to use as the /q parameter


In this case, the syntax would be:

    wevtutil qe System /rd:true /f:text /q:*[System[(EventID=7036)]]
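The copy step above can also be done mechanically. The following is an added example, not part of the original post: it parses the filter XML of a custom view and builds one wevtutil command per Select element. The sample XML is constructed, and the function names are hypothetical. It assumes the filter contains only Select elements, and it goes slightly beyond the single-Select case shown above by handling several logs and XML-escaped operators such as `&lt;=`.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the XML that Event Viewer shows for a custom view's
# filter; note that "<" is stored escaped as "&lt;" in the XML text.
SAMPLE_VIEW_XML = """
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(EventID=7036)]]</Select>
    <Select Path="Application">*[System[(Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
"""

def wevtutil_commands(view_xml):
    """Return one wevtutil argv list per <Select> element in the filter XML."""
    root = ET.fromstring(view_xml)
    if root.find(".//Suppress") is not None:
        # A Suppress clause cannot be folded into a single /q XPath expression.
        raise ValueError("filter uses <Suppress>; not expressible as one /q query")
    commands = []
    for query in root.iter("Query"):
        for select in query.findall("Select"):
            # Fall back to the Query's Path if the Select has none of its own.
            log = select.get("Path") or query.get("Path")
            # The XML parser has already turned &lt; / &gt; back into < / >.
            xpath = (select.text or "").strip()
            if not log or not xpath:
                raise ValueError("Select element without a log path or query text")
            commands.append(
                ["wevtutil", "qe", log, "/rd:true", "/f:text", "/q:" + xpath])
    return commands

def as_cmd_line(argv):
    """Render argv for cmd.exe, quoting /q so <, > and spaces stay literal."""
    return " ".join('"%s"' % a if a.startswith("/q:") else a for a in argv)

if __name__ == "__main__":
    for argv in wevtutil_commands(SAMPLE_VIEW_XML):
        print(as_cmd_line(argv))
```

Quoting the whole /q argument matters once the query contains `<`, `>` or spaces, which cmd.exe would otherwise treat as redirection or argument separators.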
Posted Tue, Nov 21 2006 4:58 by nick