1
Hello, in this section i want to know how to filter an event which contain Data with some words, for example:
Right Syntax:
*[EventData[Data[@Name='SourceAddress'] ='192.168.1.2']]
result: search all Events which Source Address = 192.168.1.2.
but i want to search all Events which contain LIKE 192.168.
Wrong Syntax:
*[EventData[Data[@Name='SourceAddress'] Like '192.168.']]
SchoolforDesign
Posted 2016-08-05T17:53:28.780
Reputation: 145
2
Unfortunately I don't think that is directly possible, because:
Windows Event Log supports a subset of XPath 1.0. There are limitations to what functions work in the query. For instance, you can use the "position", "Band", and "timediff" functions within the query but other functions like "starts-with" and "contains" are not currently supported.
Source Advanced XML filtering in the Windows Event Viewer
However, as w32sh pointed out in a comment, it is possible with PowerShell. See this Stack Overflow question: Using XPath starts-with or contains functions to search Windows event logs
DavidPostill
Posted 2016-08-05T17:53:28.780
Reputation: 118 938
1
I think you may need to use PowerShell for that. http://stackoverflow.com/questions/8671194/using-xpath-starts-with-or-contains-functions-to-search-windows-event-logs
– w32sh – 2016-08-05T18:06:08.817