使用SQL查询XML事件日志数据

时间:2014-10-10 13:38:20

标签: jquery sql xml 

<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="ASP.NET 4.0.30319.0" />
<EventID Qualifiers="32768">1309</EventID>
<Level>3</Level>
<Task>3</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-10-10T01:37:16.000000000Z" />
<EventRecordID>14870</EventRecordID>
<Channel>Application</Channel>
<ComputerXXXXX</Computer>
<Security />
</System>
<EventData>
<Data>3005</Data>
<Data>An unhandled exception has occurred.</Data>
<Data>10/10/2014 02:37:16</Data>
<Data>10/10/2014 01:37:16</Data>
<Data>f68c3bc5c6594c02bf13a5a99a0627a3</Data>
<Data>8138</Data>
<Data>15</Data>
<Data>0</Data>
<Data>/LM/W3SVC/3/ROOT-1-XXXXXX</Data>
<Data>Full</Data>
<Data>/</Data>
<Data>C:\Web\XXXXX\</Data>
<Data>XXXXX</Data>
<Data />
<Data>31428</Data>
<Data>w3wp.exe</Data>
<Data>Domain\User</Data>
<Data>HttpException</Data>
<Data>Exception of type 'System.Web.HttpException' was thrown.
at System.Web.Handlers.TraceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context)
at etc
</Data>
<Data>http://XXX/trace.axd</Data>
<Data>/trace.axd</Data>
<Data>XXX.XXX.XX.XX</Data>
<Data />
<Data>False</Data>
<Data />
<Data>XXXXX</Data>
<Data>57</Data>
<Data>XXXXXX</Data>
<Data>False</Data>
<Data>   at System.Web.Handlers.TraceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context)  at etc

</Data>
 </EventData>
</Event>

...
etc
</Events>

我已将一些Windows事件日志保存为XML,我已使用以下方法将这些日志插入到SQL中:

CREATE TABLE XmlSourceTable
(
      RecordId INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
      XmlData XML NOT NULL
)
GO

INSERT INTO XmlSourceTable(XmlData)
SELECT
    * 
FROM OPENROWSET (BULK 'C:\xmlfile.xml', SINGLE_CLOB) 
AS XMLData

我正在尝试使用以下方法查询XML,但根本无法使其工作。

SELECT
      WEvent.query('System') as SystemFragmentXML
FROM   
      XmlSourceTable CROSS APPLY 
      XmlData.nodes('/Events/Event') AS WindowsEvent(WEvent)

任何人都可以帮助我吗?

2 个答案:

答案 0 :(得分:1)

您的XML具有在<Event>节点级别声明的默认名称空间。所以基本上该节点及其所有后代都在同一个命名空间中。

您需要注册指向默认命名空间的前缀,并在XPath中使用该前缀,例如:

;WITH XMLNAMESPACES('http://schemas.microsoft.com/win/2004/08/events/event' as d)
SELECT
      WEvent.query('d:System') as SystemFragmentXML
FROM   
      XmlSourceTable CROSS APPLY 
      XmlData.nodes('/Events/d:Event') AS WindowsEvent(WEvent)

答案 1 :(得分:1)

首先,您的XML已损坏 - 您有多个XML元素(如<Computer>)未正确关闭且您错过了结束</Events>

一旦我解决了这些问题,那么下一个问题就是你公然忽略了在<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">节点上定义的XML 名称空间

尝试此查询(使用本机XQuery支持而不是旧版OPENROWSET):

;WITH XMLNAMESPACES ('http://schemas.microsoft.com/win/2004/08/events/event' AS we)
SELECT
      XC.query('we:System') as SystemFragmentXML
FROM  
      dbo.XmlSourceTable  
CROSS APPLY
      XmlData.nodes('/Events/we:Event') AS XT(XC)
相关问题
最新问题