EvtGetEventInfo function

Gets information that identifies the structured XML query that selected the event and the channel or log file that contained the event.

Syntax


BOOL WINAPI EvtGetEventInfo(
  _In_   EVT_HANDLE Event,
  _In_   EVT_EVENT_PROPERTY_ID PropertyId,
  _In_   DWORD PropertyValueBufferSize,
  _In_   PEVT_VARIANT PropertyValueBuffer,
  _Out_  PDWORD PropertyValueBufferUsed
);

Parameters

Event [in]

A handle to an event for which you want to retrieve information.

PropertyId [in]

A flag that identifies the information to retrieve. For example, the query identifier or the path. For possible values, see the EVT_EVENT_PROPERTY_ID enumeration.

PropertyValueBufferSize [in]

The size of the PropertyValueBuffer buffer, in bytes.

PropertyValueBuffer [in]

A caller-allocated buffer that will receive the information. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.

PropertyValueBufferUsed [out]

The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.

Return value

Return code/valueDescription
TRUE

The function succeeded.

FALSE

The function failed. Use the GetLastError function to get the error code.

 

Remarks

If the query that you passed to EvtQuery or EvtSubscribe was an XPath instead of a structured XML query, the query identifier will be zero and the path will be the path that you passed to the function.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

WinEvt.h

Library

Wevtapi.lib

DLL

Wevtapi.dll

 

 

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.