Windows log filtering
Hi there! Need help in managing Windows logs… I need to receive logs that only fall into the warning and critical categories. I understand that I need to use <Query> to filter logs, BUT I don't quite understand how to throw away info logs… It must be
    if $some_value_from_log == 'INFO' drop();
Or maybe
    <QueryXML>
        <QueryList>
            <Query Id='1'>
                <Select Path='System'>'WARNING'</Select>
            </Query>
        </QueryList>
    </QueryXML>
As for now my <Input> collects everything that falls into the system logs category via select path… Any ideas?
Found my answer. So for me it was ReadFromLast TRUE.
<Input windows_events>
    # Assumed module: im_msvistalog is the NXLog input that accepts a QueryXML block
    Module          im_msvistalog
    # Start at the end of the log, so only events written after startup are collected
    ReadFromLast    TRUE
    # Level 1 = Critical, 2 = Error, 3 = Warning (Information is 4, Verbose is 5).
    # Each Query needs a unique Id within the QueryList (the original used 0 twice),
    # and "<=" must be written as "&lt;=" for the query to be well-formed XML.
    <QueryXML>
        <QueryList>
            <Query Id="0" Path="System">
                <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
            </Query>
            <Query Id="1" Path="Application">
                <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>
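As an added check that is not part of the original thread, the same two XPath selects can be run through Get-WinEvent -FilterXml on the Windows host to see exactly what they match before the query goes into the collector config. The log names and level numbers are the ones from the answer above; the Level meanings come from the Windows event schema.

```powershell
# Added example (not from the original post): validate the QueryXML filter
# locally with Get-WinEvent before deploying it to the log collector.
$filterXml = @"
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[(Level=1 or Level=2 or Level=3)]]</Select>
  </Query>
  <Query Id="1" Path="Application">
    <Select Path="Application">*[System[(Level=1 or Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
"@

# Level values: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information, 5 = Verbose.
# Level 0 (LogAlways) is excluded by this filter too, which is normally intended.
# -ErrorAction SilentlyContinue hides the non-terminating "No events were found" error.
$events = Get-WinEvent -FilterXml ([xml]$filterXml) -MaxEvents 200 -ErrorAction SilentlyContinue

# Summary by log and level; 'Information' must not appear if the filter is right.
$events | Group-Object LogName, LevelDisplayName |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Sanity check: warn if any Information/Verbose/LogAlways event slipped through.
$leak = $events | Where-Object { $_.Level -ge 4 -or $_.Level -eq 0 }
if ($leak) {
    Write-Warning "Filter passed $($leak.Count) events outside Level 1-3"
} else {
    Write-Output "OK: $($events.Count) events, all Level 1-3"
}
```

Run it in the same security context the collector service uses, since a query that works for an administrator can still return nothing for a less privileged account.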