Request trial
Request Trial

im_msvistalog filters

View thread
LP_577584

Hello,

I'm trying to query some EventID with a specific SeverityValue in "im_msvistalog", the config is something like this:

<Input eventlog> Module im_msvistalog <QueryXML> <QueryList> <Query Id='0'> <Select Path='System'>*[System[(EventID=6005 or EventID=6008 or EventID=7036)]</Select> </Query> </QueryList>
</QueryXML> Exec if $SeverityValue NOT IN (2, 4) drop(); Exec $Message =~ s/(\t|\R)/ /g;

I'm trying for a test to output on file, but nothing is outputted.

Anyone has some hint?

Thanks

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS