How to search string in Event Viewer XML Query?

Question

Hello, in this section i want to know how to filter an event which contain Data with some words, for example:

Right Syntax:

*[EventData[Data[@Name='SourceAddress'] ='192.168.1.2']]

result: search all Events which Source Address = 192.168.1.2.

but i want to search all Events which contain LIKE 192.168.

Wrong Syntax:

*[EventData[Data[@Name='SourceAddress'] Like '192.168.']]

I think you may need to use PowerShell for that. stackoverflow.com/questions/8671194/… — w32sh, Commented Aug 5, 2016 at 18:06

DavidPostill · Accepted Answer · 2016-08-05 18:33:11Z

I want to search all Events which contain LIKE 192.168.

Unfortunately I don't think that is directly possible, because:

Windows Event Log supports a subset of XPath 1.0. There are limitations to what functions work in the query. For instance, you can use the "position", "Band", and "timediff" functions within the query but other functions like "starts-with" and "contains" are not currently supported.

Source Advanced XML filtering in the Windows Event Viewer

However, as w32sh pointed out in a comment, it is possible with PowerShell. See this Stack Overflow question: Using XPath starts-with or contains functions to search Windows event logs

Stack Exchange Network

How to search string in Event Viewer XML Query?

1 Answer 1

I want to search all Events which contain LIKE 192.168.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
windows
event-log
event-viewer
.

Hot Network Questions

How to search string in Event Viewer XML Query?

1 Answer 1

I want to search all Events which contain LIKE 192.168.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged windowsevent-logevent-viewer.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
windows
event-log
event-viewer
.