我知道我的查询中有什么问题?
Get-WinEvent -LogName 'Application' -FilterXPath "/Event/System/Provider[@Name = 'My App']"
每次我都得到以下例外:
*Get-WinEvent : La requête spécifiée n’est pas valide
Au caractère Ligne:1 : 1
+ Get-WinEvent -LogName 'Application' -FilterXPath "/Event/System/Provider[@Name = ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-WinEvent], EventLogException
+ FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand*
在事件的XML代码
下面<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="My App" />
<EventID Qualifiers="49152">24</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2017-10-12T08:43:57.000000000Z" />
<EventRecordID>37160382</EventRecordID>
<Channel>Application</Channel>
<Computer>Apps.Server</Computer>
<Security />
</System>
<EventData>
<Data>Some additional data</Data>
非常感谢提前 此致
答案 0 :(得分:1)
在事件
之前删除'/'Get-WinEvent -LogName 'Application' -FilterXPath "Event/System/Provider[@Name = 'My App']"
Get-WinEvent -LogName 'Application' -FilterXPath "Event/EventData/Data = '6.3.9600.18376'"