EVT Input Format From-Entity Syntax

Log Parser

previous page next page

EVT Input Format From-Entity Syntax

<from-entity> ::= <event_log> [ , <event_log> ... ]
<event_log> ::= [\\<computer_name>\]<event_log_name> |
<event_log_backup_filename>
The <from-entity> specified in queries using the EVT input format is a comma-separated list of:
  • Names of Event Logs ("System", "Application", "Security", or a custom event log), optionally preceded by the name of a remote computer in the UNC notation;
  • Paths of Event Log backup files (.evt files), optionally including wildcards.
Names of custom event logs that include space characters must be specified within single-quote characters.

Examples:

FROM System, Application, \\SERVER2\System, \\SERVER2\Application

FROM System, Application, 'My Custom Event Log'

FROM D:\MyEVTLogs\*.evt, \\SERVER2\D$\MyEVTLogs\*.evt

FROM System, D:\MyEVTLogs\System.evt

© 2004 Microsoft Corporation. All rights reserved.

previous page start next page