我有以下事件日志查询,我需要根据事件ID和创建时间的特定日期范围进行过滤。这是我目前的情况:
var _PRINTINGDOCUMENTEVENTID = "307";
var startTime = System.DateTime.Now.AddMinutes(-10);
var endTime = System.DateTime.Now
var query = string.Format("*[[System/EventID={0}] and [System[TimeCreated[@SystemTime >= {1}]]] and [System[TimeCreated[@SystemTime <= {2}]]]", _PRINTINGDOCUMENTEVENTID, startTime.ToUniversalTime().ToString("o"), endTime.ToUniversalTime().ToString("o"));)
var logQuery = new EventLogQuery("Microsoft-Windows-PrintService/Operational", PathType.LogName, query );
var reader = new EventLogReader(logQuery);
当我尝试调试事件日志查询时出现以下错误:
指定的查询无效
以下是调试时query值的样子:
“* [[System / EventID = 307]和[System [TimeCreated [@SystemTime&gt; = 2016-03-28T22:51:23.9082575Z]]]和[系统[TimeCreated [@SystemTime&lt; = 2016-03-28T23:01:23.9092576Z]]]“
如何解决此问题?
答案 0 :(得分:3)
我能够确定按事件ID过滤的正确格式和TimeCreated的日期范围
var eventId = "307";
var startTime = System.DateTime.Now.AddMinutes(-10);
var endTime = System.DateTime.Now;
var query = string.Format(@"*[System/EventID={0}] and *[System[TimeCreated[@SystemTime >= '{1}']]] and *[System[TimeCreated[@SystemTime <= '{2}']]]",
eventId,
startTime.ToUniversalTime().ToString("o"),
endTime.ToUniversalTime().ToString("o"));
答案 1 :(得分:0)
您是否尝试使用刻度线包围格式化的DateTime?
and [System[TimeCreated[@SystemTime >= '{1}']]]