以下代码给我一个异常,消息为The specified query is invalid。例外发生在分配elReader时。
怎么了?
string logType = "Microsoft-Windows-Windows Defender/Operational";
string query = string.Format("*[System/EventID=1116[TimeCreated[@SystemTime >= '{0}']]] and *[System/EventID=1116[TimeCreated[@SystemTime <= '{1}']]]",
startTime.ToUniversalTime().ToString("o"),
endTime.ToUniversalTime().ToString("o"));
var elQuery = new EventLogQuery(logType, PathType.LogName, query);
var elReader = new EventLogReader(elQuery);
这是query的内容:
* [System / EventID = 1116 [TimeCreated [@SystemTime> ='2018-07-26T07:51:57.7239606Z']]]]和* [System / EventID = 1116 [TimeCreated [@SystemTime <='2018- 08-02T07:51:57.7353333Z']]]
答案 0 :(得分:0)
经过几次尝试和错误后,此语法有效:
string query = string.Format("*[System/EventID=1116] and *[System[TimeCreated[@SystemTime >= '{0}']]] and *[System[TimeCreated[@SystemTime <= '{1}']]]",
startTime.ToUniversalTime().ToString("o"),
endTime.ToUniversalTime().ToString("o"));