documentation.HELP! Log Parser Documentation

EVT Input Format From-Entity Syntax

Log Parser

previous page next page

EVT Input Format From-Entity Syntax

<from-entity>	::=	<event_log> [ , <event_log> ... ]
<event_log>	::=	[\\<computer_name>\]<event_log_name> | <event_log_backup_filename>

The <from-entity> specified in queries using the EVT input format is a comma-separated list of:

• Names of Event Logs ("System", "Application", "Security", or a custom event log), optionally preceded by the name of a remote computer in the UNC notation;
• Paths of Event Log backup files (.evt files), optionally including wildcards.

Names of custom event logs that include space characters must be specified within single-quote characters.

Examples:

FROM System, Application, \\SERVER2\System, \\SERVER2\Application

FROM System, Application, 'My Custom Event Log'

FROM D:\MyEVTLogs\*.evt, \\SERVER2\D$\MyEVTLogs\*.evt

FROM System, D:\MyEVTLogs\System.evt

---

© 2004 Microsoft Corporation. All rights reserved.

previous page start next page

Get in touch

Submit feedback about this site to:

• [email protected]