EventLogQuery: How to form query string? - McMap

About

EventLogQuery: How to form query string?

Asked 12/9, 2012 at 1:47 Answered 14/11, 2016 at 15:42

E

1

10

I have the following code:

string query = "???";

EventLogQuery elq = new EventLogQuery("Application", PathType.LogName, query);
elq.Session = new EventLogSession("x.x.x.x");
EventLogReader elr = new EventLogReader(elq);

I'm trying to figure out what I need to set query to in order to look for all entries with a source of "SQLSERVERAGENT".

Erysipelas answered 12/9, 2012 at 1:47 Comment(8)

If I use Event Viewer to set a filter, I can see the raw XML query it's using. I get a string like <Select Path="Application">*[System[Provider[@Name='SourceName']]]</Select>. Does any of this work (the whole thing, minus the XML tag, or just Provider[@Name='...']? – Clinch 12/9, 2012 at 1:57

would C#: How to Query for an event log details with a given event id? helps ? – Exultation 12/9, 2012 at 2:5

I think [this post is your answer][1]. [1]: https://mcmap.net/q/1167989/-eventlogquery-time-format-expected – Bangup 12/9, 2012 at 2:38

Thanks, I actually found that question too after posting this and it needs to be: *[System/Provider/@Name=\"SQLSERVERAGENT\" – Erysipelas 12/9, 2012 at 2:41

However, I am now befuddled about how to read the message. There are all kinds of properties with various info about the event... but no property for the actual Message string that I can see??? – Erysipelas 12/9, 2012 at 2:42

@Clinch See new question here: #12381101 – Erysipelas 12/9, 2012 at 2:56

Tl;dr XPath – Collaborative 15/5, 2019 at 10:14

Possible duplicate of C#: How to Query for an event log details with a given event id? – Collaborative 15/5, 2019 at 10:15

B

5

I have just spent an hour trying to solve similar for myself and thought I would contribute back with the solution for anyone else that comes this way. The comments should be fairly self explanatory.

public void ReadSqlAgentEventMessages()
{
    // Force culture to en-US if required, some people get a null from FormatDescription() and this appently solves it. 
    // My culture is set as en-GB and I did not have the issue, so I have left it as a comment to possibly ease someone's pain!
    // Thread.CurrentThread.CurrentCulture = new CultureInfo("en-US");

    EventLogQuery eventlogQuery = new EventLogQuery("Application", PathType.LogName, "*[System/Provider/@Name=\"SQLSERVERAGENT\"]");
    using (EventLogReader eventlogReader = new EventLogReader(eventlogQuery))
    {
        EventRecord eventRecord = eventlogReader.ReadEvent();
        try
        {

            // Loop through the events returned
            for (null != eventRecord; eventRecord = eventlogReader.ReadEvent())
            {
                // Get the description from the eventrecord. 
                string message = eventRecord.FormatDescription();

                // Do something cool with it :) 
            }
        }
        finally
        {
            if (eventRecord != null)
                eventRecord.Dispose();
        }
    }
}

Brocatel answered 14/11, 2016 at 15:42 Comment(3)

In a nutshell, use XPath syntax. – Claudiaclaudian 15/10, 2018 at 15:45

This is missing a whole pile of Dispose() calls – Collaborative 17/3, 2020 at 16:28

Thanks @Liam, feel free to edit with mods. The aim of my answer was to give the simplest code possible to a rather niggly problem, but yes, using or disposings are needed. This was some time ago, there are probably better options to explore too. – Brocatel 17/3, 2020 at 20:23

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.