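XML query to select after a date

Time: 2015-06-02 18:21:09

Tags: xml date event-log

I've been browsing various forums trying to figure out how to limit a Windows Event Log XML query to a specific date range, but XML doesn't seem to play along very well. The query I have set up is: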

<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">
      *[System[Provider[@Name='Microsoft-Windows-Folder Redirection'] and (Level=2)]]
    </Select>
  </Query>
</QueryList>

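Basically I just want to know how to limit the query to x days ago and forward. I'm trying to find computers that may be having problems with the above error, and it doesn't really help me if they get flagged because of an error from a year ago or something.

Can anyone give me some pointers?

1 answer:

Answer 0: (score: 1)

Try this: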

<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">
      *[System[Provider[@Name='Application Hang'] and (Level=2) and (TimeCreated[timediff(@SystemTime) &lt;= 86400000])]]
    </Select>
  </Query>
</QueryList>

This will limit the results to those created in the last day (i.e. the last 86,400,000 milliseconds). I changed the provider name to Application Hang because I didn't have any errors to test against for Microsoft-Windows-Folder Redirection, but you can of course change it back.

If you need to go back more than a day, use the formula to get the milliseconds:

Reference: https://msdn.microsoft.com/en-us/library/dd996910(VS.85).aspx#limitations
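The time-windowed query from the answer, wrapped so the window is given in days and the same filter can be run against several machines. This is an added example, not part of the original answer; the function name, its parameters and the host names are assumptions made for illustration.

```powershell
# Added example (not from the original answer). Function name, parameters and
# the sample host names are hypothetical.
function Get-RecentProviderError {
    param(
        [Parameter(Mandatory)][string]$Provider,
        [ValidateRange(1, 3650)][int]$Days = 1,
        [string]$LogName = 'Application',
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    # The provider name lands inside a single-quoted XPath literal within XML,
    # so refuse characters that would break either layer.
    if ($Provider -match '[''"<>&]') {
        throw "Provider name must not contain quotes, '<', '>' or '&'."
    }

    # 1 day = 86,400,000 ms, as in the answer. [long] keeps the value an
    # integer for windows longer than about 24 days.
    [long]$windowMs = [long]$Days * 86400000

    # '<=' has to be written as '&lt;=' because the XPath sits inside XML.
    [xml]$filter = @"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">
      *[System[Provider[@Name='$Provider'] and (Level=2)
        and TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]
    </Select>
  </Query>
</QueryList>
"@

    foreach ($computer in $ComputerName) {
        # Get-WinEvent raises an error when nothing matches; SilentlyContinue
        # turns that into "no rows" (it also hides unreachable hosts).
        Get-WinEvent -FilterXml $filter -ComputerName $computer -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Computer'; e = { $computer } }, TimeCreated, Id, Message
    }
}

# Level 2 (Error) events from the last 7 days on two constructed host names.
Get-RecentProviderError -Provider 'Microsoft-Windows-Folder Redirection' -Days 7 `
    -ComputerName 'PC-EXAMPLE-01', 'PC-EXAMPLE-02'
```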