How do I query the contents of an error message in the Windows event log?

So I’ve got an application event log…let’s call it “CustomApplicationLog”

I’ve also got an awesome application…let’s call it “MyAwesomeApplication”

Assuming this application were to ever throw an error…how can I use the XML query editor to search for an arbitrary string inside the event log message?

Below is the query generated for me after picking most of the things I wanted. I can’t find any documentation on parsing this out myself though.

<QueryList>
  <Query Id="0" Path="CustomApplicationLog">
    <Select Path="CustomApplicationLog">*[System[Provider[@Name='MyAwesomeApplication'] and (Level=2)]]</Select>
  </Query>
</QueryList>

Answer

<QueryList>
  <Query Id="0" Path="CustomApplicationLog">
    <Select Path="CustomApplicationLog">*[System[Provider[@Name='MyAwesomeApplication'] and (Level=2)]] and *[EventData[Data and (Data='string I am looking for')]]</Select>
  </Query>
</QueryList>

This is assuming your custom application spits out the string in the EventData section. It searches the entire Event Data section of the log for that string. To get a better idea, find the log you’re looking for and check out the XML View.

Attribution
Source : Link , Question Author : Brandon Linton , Answer Author : Evan
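
The `Data='...'` test in the query compares against the complete value of a `Data` element, and the Event Log XPath subset has no `contains()` function, so a substring search has to happen on the client. The PowerShell below is an added example, not code from the question or the answer: it keeps the `System` filter server-side and does the substring match locally. The log and provider names are the question's placeholders; `$needle` and the helper `Test-EventDataContains` are hypothetical names chosen for this example.

```powershell
# Added example. Log/provider names are the question's placeholders;
# $needle is a constructed sample value (an apostrophe is fine here because
# the string is compared locally and never embedded in the XPath).
$logName  = 'CustomApplicationLog'
$provider = 'MyAwesomeApplication'
$needle   = "string i'm looking for"

# Server-side filter: same System predicate as the generated query (Level 2 = Error).
$filterXml = @"
<QueryList>
  <Query Id="0" Path="$logName">
    <Select Path="$logName">*[System[Provider[@Name='$provider'] and (Level=2)]]</Select>
  </Query>
</QueryList>
"@

# Hypothetical helper: returns $true if any <Data> under <EventData>
# contains $Needle as a case-insensitive substring.
function Test-EventDataContains {
    param(
        [Parameter(Mandatory)] [xml]    $EventXml,
        [Parameter(Mandatory)] [string] $Needle
    )
    # local-name() sidesteps the default namespace on the <Event> element.
    $nodes = $EventXml.SelectNodes("//*[local-name()='EventData']/*[local-name()='Data']")
    foreach ($node in $nodes) {
        if ($node.InnerText.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# Pull the error events, then keep only those whose EventData mentions the string.
Get-WinEvent -FilterXml $filterXml |
    Where-Object { Test-EventDataContains -EventXml ([xml]$_.ToXml()) -Needle $needle } |
    Select-Object TimeCreated, Id, ProviderName, Message
```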