xpath - Filtering events in Event Viewer using a regex -


i have event log thousands of events. want make custom filter or view shows of them. want filter them using regex (or simple text match) on either entire text of xml (as text), or on particular field. event viewer support ctl+f finding, apparently can't put same find action custom view used every time.

  • environment: microsoft windows server 2012 standard
  • program: event viewer

i've looked @ creating custom view, , editing xml source of custom view properties try filter them.

the events this:

<event xmlns="http://blahblah.com">   <eventdata>     <data>blah smith blah     </data>   </eventdata> </event>

and want text match / regex on data field.

i've tried lot of things this:

<querylist>   <query id="0" path="">     <select path="">        *[eventdata[data=regex("*smith*")]]     </select>   </query> </querylist>

as other lines like

*[eventdata[data="%smith%")]] *[eventdata[data="%%smith%%")]]

but no result or invalid xpath error.

how can this? i'd interested in knowing name am. full xpath, or have specific microsoft version name? how can list of namespace exists within *event line? how can access compile/runtime errors whatever interpreting attempts @ writing xpath?

i'd accept solutions in form of programs connect event viewer api. it'd better if easy use & integrated program itself, powershell version of event log filtering useful.

overall want filter events out of event log based on regex (or simple text matching) of contents. theoretically should easy - ctl+f find can it, events stored on local computer somewhere, , have apparently sophisticated custom view filter setup.

using powershell, there easy workaround:

get-eventlog -logname security | where-object { $_.message -like 'testsite' } | format-table message -wrap -autosize | out-file c:\users**username**\desktop\out.txt

you need specify own logname, text searched , outfile path.

the "format-table message -wrap -autosize" makes sure messages/exceptions won't truncated. if want field other message, replace "$_.message" appropriate field name.

cheers


Comments

Post a Comment

Popular posts from this blog

1111. appearing after print sequence - php -

morning, i have code takes string of shoe sizes, explodes , puts in table. code works , info displayed correctly on page after table there few 1's after table. i'm confused this. so table looks (in columns of 3 on webpage) available in following sizes: 3 4 5 6 9 10 111 here's codes, purpose of example $x = 3|4|6|10|9 function get_sizes_pipe($x) { $counter = 0; $splits = explode("|",$x); asort($splits); $x = print "<table class='greentable'>"; $x .= print "<thead><tr><th scope='col' colspan='3' abbr='starter'>available in following sizes:</th></tr></thead><tbody><tr>"; foreach ($splits $split) { $entry = print "<td>".$split."</td>"; if($counter == 2){ $entry .= print "</tr><tr>"; $counter =0; } else { $counter++; ...
Read more

java - WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/board/] in DispatcherServlet with name 'appServlet' -

this question has answer here: why spring mvc respond 404 , report “no mapping found http request uri […] in dispatcherservlet”? 3 answers i trying making simple bbs i'm encountering following error, warn : org.springframework.web.servlet.pagenotfound - no mapping found http request uri [/board/] in dispatcherservlet name 'appservlet' i have tried solve error many times, have failed. how can solve error? here web.xml, controllerand , servlet-context. my web.xml <?xml version="1.0" encoding="utf-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <filter> <filter-nam...
Read more

Ruby on Rails, ActiveRecord, Postgres, UTF-8 and ASCII-8BIT encodings -

weirdest error, who’s challenge try , me? spent hours yesterday on , it’s magic. can't believe happening , it's driving me crazy. btw, using: rails 4.2.3 ruby 2.2.3 pg 0.18 encoding.default_internal = encoding.default_external = utf-8 config.encoding = 'utf-8' it has postgres, activerecord , encodings! turns out we’ve been getting these errors whenever create new users on database special characters: encoding::undefinedconversionerror: "\xc3" ascii-8bit utf-8 \xc3 may vary depending on characters. weird part we’ve set since beginning utf-8. makes no sense , digged it, , used script: user.all.each |user| user.attributes.each |name, value| if value.is_a? string puts user.email + name.encoding.to_s + value.encoding.to_s end end end and output of 1 of users, users same: dr_lottahelp@blahblah.comutf-8utf-8 dr_lottahelp@blahblah.comutf-8ascii-8bit dr_lottahelp@blahblah.comutf-8ascii-8bit dr_lottahelp@blahblah.comutf-8asci...
Read more