EventLogQuery - The specified query is invalid if searchFilter too long

  • Thread starter: todomati
Hi together

I have the following problem and need help.

I have an EventlogSearch method with the following search filter, which is working without problems.




"*[System[(Level=4503599627370496) and (EventID!=4 and EventID!=5 and EventID!=9 and EventID!=15 and EventID!=20 and EventID!=39 and EventID!=1111 and EventID!=7031 and EventID!=7032 and EventID!=10010 and EventID!=10016 and EventID!=10028 and EventID!=36874 and EventID!=36882 and EventID!=36887 and EventID!=36888 and EventID!=129 and EventID!=61034 and EventID!=61150 and EventID!=39 and EventID!=27) and TimeCreated[@SystemTime>= '2018-12-06T10:37:21.513983900Z']]]"



As soon as I add one more EventID which I want to exclude, I get an error message in the line "EventLogReader logReader = new EventLogReader(elq);"

{"The specified query is invalid"}




This is what the filter looks like in case of error:



"*[System[(Level=4503599627370496) and (EventID!=4 and EventID!=5 and EventID!=9 and EventID!=15 and EventID!=20 and EventID!=39 and EventID!=1111 and EventID!=7031 and EventID!=7032 and EventID!=10010 and EventID!=10016 and EventID!=10028 and EventID!=36874 and EventID!=36882 and EventID!=36887 and EventID!=36888 and EventID!=129 and EventID!=61034 and EventID!=61150 and EventID!=39 and EventID!=27 and EventID!=3) and TimeCreated[@SystemTime>= '2018-12-06T10:28:13.768549100Z']]]"




The only difference between those 2 filters is the number of IDs which I want to exclude...

The second filter has "and EventID!=3" more than the first one.

Are there any limitations on the number of IDs which can be excluded in an EventLogQuery searchFilter?

Thanks in advance for your help...




public static List<EventProperty> SearchEventLogs(EventLogSearchParmeters paramObject, string searchFilter)
{
    // Build the query against the named log using the XPath search filter.
    var elq = new EventLogQuery(paramObject.LogName, PathType.LogName, searchFilter);
    int searchfilterint = searchFilter.Length; // filter length in characters
    List<string> inclueds = paramObject.Includes;
    List<string> excludes = paramObject.Excludes;
    string messageDescription = paramObject.Description;
    string logonAccount = "";
    string sourceWorkstation = "";
    string message = "";

    try
    {
        // "The specified query is invalid" is thrown on this line.
        EventLogReader logReader = new EventLogReader(elq);
    }
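
Added example, not part of the original post: the working filter above contains 23 comparison terms (Level, 21 EventID tests, TimeCreated), the failing one contains 24, and EventID!=39 appears twice in both. The C# below de-duplicates the exclusion list, keeps the filter within a term budget, and drops any remaining IDs after reading. It assumes the rejection depends on the number of terms rather than the string length; MaxTerms = 23 is inferred from these two filters, and EventFilterBuilder, Build and Read are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Linq;

public static class EventFilterBuilder   // hypothetical helper, not from the post
{
    // Assumption: filters with more comparison terms than this are rejected
    // (the post's working filter has 23 terms, the failing one has 24).
    public const int MaxTerms = 23;

    // Returns the XPath filter; IDs over the term budget go to 'overflow'.
    public static string Build(long level, IEnumerable<int> excludedIds,
                               DateTime sinceUtc, out HashSet<int> overflow)
    {
        List<int> ids = excludedIds.Distinct().ToList();  // drops the doubled 39
        int budget = MaxTerms - 2;                        // Level + TimeCreated
        overflow = new HashSet<int>(ids.Skip(budget));
        string idTerms = string.Join(" and ", ids.Take(budget).Select(id => "EventID!=" + id));
        string exclusion = idTerms.Length > 0 ? " and (" + idTerms + ")" : "";
        return "*[System[(Level=" + level + ")" + exclusion +
               " and TimeCreated[@SystemTime>='" + sinceUtc.ToUniversalTime().ToString("o") + "']]]";
    }

    // Streams matching events, skipping IDs that could not go into the filter.
    public static IEnumerable<EventRecord> Read(string logName, string filter, HashSet<int> overflow)
    {
        var query = new EventLogQuery(logName, PathType.LogName, filter);
        using (var reader = new EventLogReader(query))
        {
            for (EventRecord rec = reader.ReadEvent(); rec != null; rec = reader.ReadEvent())
            {
                if (overflow.Contains(rec.Id)) { rec.Dispose(); continue; }
                yield return rec;
            }
        }
    }

    public static void Main()
    {
        // The failing filter's exclusion list from the post (39 appears twice).
        int[] ids = { 4, 5, 9, 15, 20, 39, 1111, 7031, 7032, 10010, 10016, 10028, 36874,
                      36882, 36887, 36888, 129, 61034, 61150, 39, 27, 3 };
        string filter = Build(4503599627370496, ids, DateTime.UtcNow.AddHours(-1), out var overflow);
        Console.WriteLine(filter);
        Console.WriteLine("IDs filtered after reading: " + overflow.Count);
    }
}
```

Events returned by Read are still owned by the caller and should be disposed after use.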
