EDN Admin
Well-known member
Hi All,
I have managed to get the following query to work - it returns specific event IDs in the last 24 hours - basics I know...
Get-WinEvent -FilterXml '<QueryList><Query Id="0" Path="Application"><Select Path="Application">*[System[(EventID=****) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select></Query></QueryList>'
Essentially, the information returned contains the GUID of an object, as per the below:
<Data>b62e381f-2cde-46d4-9dc2-ee1f3d984640</Data>
How do I now extract this information in the query above, or a script, to be able to use this in another query following on down the list?
Thanks for any assistance..
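One way to do what the post asks, as an added example that is not part of the original post: read each event's XML, keep the `<Data>` values that parse as GUIDs, and feed them into a second query. The function name `Get-EventGuid`, the placeholder event ID, and the follow-on query (other Application events carrying the same GUID in `EventData`) are assumptions.

```powershell
# Added example. The event ID is masked (****) in the post; 1000 is a placeholder.
$eventId = 1000

$filter = @"
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(EventID=$eventId) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
"@

# Hypothetical helper: emits every <Data> value in an event that is a valid GUID.
function Get-EventGuid {
    param([Parameter(ValueFromPipeline = $true)] $Record)
    process {
        # ToXml() returns the XML shown on Event Viewer's Details tab.
        $xml = [xml]$Record.ToXml()
        # local-name() avoids registering the event schema namespace.
        foreach ($node in $xml.SelectNodes("//*[local-name()='Data']")) {
            $text   = $node.InnerText.Trim()
            $parsed = [guid]::Empty
            # Validate before reuse: a value that parses as a GUID cannot
            # contain a quote, so it is safe to place in the XPath below.
            if ([guid]::TryParse($text, [ref]$parsed)) {
                $text   # emitted as stored, so an exact-match filter will hit
            }
        }
    }
}

# Step 1: collect the distinct GUIDs from the last 24 hours of matching events.
$guids = Get-WinEvent -FilterXml $filter -ErrorAction SilentlyContinue |
    Get-EventGuid | Sort-Object -Unique

# Step 2 (assumed follow-on query): find events whose EventData holds that GUID.
foreach ($g in $guids) {
    Get-WinEvent -LogName Application -FilterXPath "*[EventData[Data='$g']]" -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName, @{ n = 'Guid'; e = { $g } }
}
```

The XPath in step 2 is an exact string match, so it only finds events where the GUID is stored in the same case and format as the first hit.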