Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 4 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
XML and XPath can query with more conditions such as reading and testing multi0ple properties in the data of the event.
search for the filter names to find articles describing the use and behavior of each type of filter. Hashtable filters are simple and usable for queries that don't need to query the data in detail. Read the help and examples for all filters carefully.
Attached are some examples of XPath and XML queries.
There is a speed difference if you use the correct query for your needed results. If you only need what is available on the command line then that is all you need. Each method has its strengths and weaknesses. You will have to choose the correct method based on what you are trying to return. The hashtable is simplest but may end up searching the whole log to complete the query where a correctly designed XML or XPath filter can retrieve records quickly without returning unwanted records.
The articles linked show you how to use the wizard to create XPath queries. In the end the syntax is so simple that an elementary school kid can learn it in an afternoon. XML makes this trivial. The articles show the few oddities that are not obvious at first.
The XPath is a simple two level structure that simply defines the path to the values and a simple matching mechanism that uses "=","<=",">-",
!=".
An hour of reading and experimenting will give you a very powerful tool.
This topic is 4 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.