Skip to main content

Event Viewer XML Filtering by Source

By
There are situations where you wanted to exclude certain sources (event providers) when analyzing Windows Event Logs. For example, in figure 1 below, say you wanted to exclude events from Lib_SLP and still see the rest, how would you do that?

 

 

Figure 1. Source is Lib_SLP

 

First, head over to Details tab, XML View. Observe the XML structure - we are interested to the System | Provider elements. 

Figure 2. XML VIew

 

To filter out that provider, click on Filter Current Log.. and type the following:


Figure 3. XML Filter View



<QueryList>

  <Query Id="0" Path="Application">

    <Select Path="Application">

        *[System[Provider[@Name!="Lib_SLP"]]]

    </Select>

  </Query>

</QueryList>


REF: T:001



Labels:

Comments

Post a Comment

Popular posts from this blog

Error! Could not locate dkms.conf file install VirtualBox 4.1.8 on Ubuntu 11.10

By
Tried to update my Ubuntu host today and it did pickup that new version of VirtualBox is available (4.1.8). All other packages installed properly except that VirtualBox installation was complaining about missing dkms.conf file, see error message below. $: sudo /etc/init.d/vboxdrv setup * Stopping VirtualBox kernel modules [ OK ] * Uninstalling old VirtualBox DKMS kernel modules Error! Could not locate dkms.conf file. File: does not exist. [ OK ] * Trying to register the VirtualBox kernel modules using DKMS [ OK ] * Starting VirtualBox kernel modules [ OK ] Though it looks like installation was fine but I am concerned about its effects to VirtualBox functionality. To fix this, do: $: cd /var/lib/dkms/vboxhost $: sudo rm -r 4.1.4 $: sudo /etc/init.d/vboxdrv setup Of course you have to re
11 comments
Read more

The following add-ins could not be started MonoDevelop.GnomePlatform

By
Installing MonoDevelop in OpenSUSE 12.2 from its repository was very easy. When running it for the first time though I got the message: The following add-ins could not be started: The root of the trace shows MonoDevelop.GnomePlatform,2.8 A quick search shows that MonoDevelop depends on libgnomeui . This should have been part of dependencies when installing the application but well.... Below is the screen shot of the error message. References: http://software.1713.n2.nabble.com/MonoDevelop-and-openSUSE-12-1-td7462957.html [2013/04/09] - Same issue observed in OpenSUSE 12.3 and also the same fix. [2014/11/02] - Same issue observed in OpenSUSE 13.3, mondevelop 3.0.6 and the same fix.
21 comments
Read more