user2385407
Reputation: 11
How do I identify duplicate logs in Microsoft EventViewer using XPath 1.0?
I have hundred of logs like the one which follows. I would like to avoid displaying duplicates by creating a custom filter in the EventViewer with XPath 1.0, using text contained in [EventData[Data]] as match pattern.
<?xml version="1.0" encoding="utf-16"?>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDI BizTalk" />
<EventID Qualifiers="0">0</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-05-15T10:45:07.000000000Z" />
<EventRecordID>2369788</EventRecordID>
<Channel>Application</Channel>
<Computer>##</Computer>
<Security />
</System>
<EventData>
<Data>some text ..</Data>
</EventData>
</Event>
This is what I add when creating a custom filter within the Event Viewer:
<QueryList>
<Query Id="0" Path="Application">
<Select Path="Application">
*[EventData[Data = following-sibling::Data
and not(Data = preceding-sibling::Data)]]
</Select>
</Query>
</QueryList>
I have not been able to do so, I always get syntax errors. Can someone please provide some examples?
Thanks, Ivo
Upvotes: 0
Views: 324
Answers (1)
Irfan Patel
Reputation: 11
Use
Suppress
right below
Select
syntax remains same but what you give in suppress wont appear. Give a try!
Upvotes: 1
Related Questions
- How can I query the event log for a specific source using xpath?
- Trying to understand XPATH Filtering for Windows Event Logs (XML)
- Using XPath to select events that do not match other criteria in Windows event logs
- Windows Event Log, can you xpath filter for string NOT equal?
- Windows Event Log XML Query gives unintended results
- Xpath to find duplicate node values
- Xpath query for event filtering
- XPATH 1.0 find duplicate based on two elements/keys
- Identify Duplicate Nodes in XML Using XPath
- How do I identify duplicate nodes in XPath 1.0 using an XPathNavigator to evaluate?