EventLog XML query filter date range

Time: 2015-01-27 16:52:10

Tags: xml windows event-log

I can't seem to find the correct syntax for querying the event log between a specific date range.

<QueryList>
  <Query Id="0" Path="Security">
        <Select Path="Security"> 
        *[EventData[Data[@Name='SubjectUserName'] and (Data='test')]] 
        and
        *[System[TimeCreated[@SystemTime'] &gt;= '2015-01-24T00:00:000Z']]
        and
        *[System[TimeCreated[@SystemTime'] &lt;= '2015-01-26T00:00:000Z']]
    </Select>
  </Query>
</QueryList>

2 answers:

Answer 0: (score: 1)

This syntax is wrong: [System[TimeCreated[@SystemTime] &gt;= ...
It must be [System[TimeCreated[@SystemTime&gt;= ...

See the correction below:

<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">
    *[System[TimeCreated[@SystemTime&gt;='2017-12-28T00:00:00' and @SystemTime&lt;='2018-01-04T00:00:00']]]
    </Select>
  </Query>
</QueryList>

Answer 1: (score: 0)

I see an extra apostrophe in your query, in front of SystemTime; I just tried this. It should run now.

<QueryList>
  <Query Id="0" Path="Security">
        <Select Path="Security"> 
        *[EventData[Data[@Name='SubjectUserName'] and (Data='test')]] 
        and
        *[System[TimeCreated[@SystemTime] &gt;= '2015-01-24T00:00:000Z']]
        and
        *[System[TimeCreated[@SystemTime] &lt;= '2015-01-26T00:00:000Z']]
    </Select>
  </Query>
</QueryList>
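
An added example, not part of either answer above: it combines the `SubjectUserName` filter from the question with the attribute-comparison form from Answer 0 and runs the query with `Get-WinEvent -FilterXml`. The helper name `ConvertTo-EventLogTime` and the sample dates and user name are assumptions chosen for illustration. `SystemTime` is stored in UTC, so the bounds are converted to UTC before being formatted.

```powershell
# Added example: helper name, dates and user name are constructed for illustration.

# Format a DateTime as the UTC timestamp form stored in TimeCreated/@SystemTime.
function ConvertTo-EventLogTime([datetime]$Time) {
    $Time.ToUniversalTime().ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'",
        [cultureinfo]::InvariantCulture)
}

$user  = 'test'   # SubjectUserName value from the question
$start = ConvertTo-EventLogTime ([datetime]::new(2015, 1, 24, 0, 0, 0, [DateTimeKind]::Utc))
$end   = ConvertTo-EventLogTime ([datetime]::new(2015, 1, 26, 0, 0, 0, [DateTimeKind]::Utc))

# The comparison sits inside the attribute predicate: [@SystemTime>=...],
# and '<' / '>' are written as XML entities because the query is XML.
$query = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[TimeCreated[@SystemTime&gt;='$start' and @SystemTime&lt;='$end']]]
      and
      *[EventData[Data[@Name='SubjectUserName']='$user']]
    </Select>
  </Query>
</QueryList>
"@

# Casting to [xml] fails early if the document is not well-formed.
# Reading the Security log requires an elevated session.
Get-WinEvent -FilterXml ([xml]$query) -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName
```

`Get-WinEvent` shows `TimeCreated` in local time, so the displayed values can look offset from the UTC bounds in the query.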