EVT_QUERY_FLAGS enumeration

Defines the values that specify how to return the query results and whether you are querying a channel or a log file.

Syntax


typedef enum _EVT_QUERY_FLAGS { 
  EvtQueryChannelPath          = 0x1,
  EvtQueryFilePath             = 0x2,
  EvtQueryForwardDirection     = 0x100,
  EvtQueryReverseDirection     = 0x200,
  EvtQueryTolerateQueryErrors  = 0x1000
} EVT_QUERY_FLAGS;

Constants

EvtQueryChannelPath

Specifies that the query is against one or more channels. The Path parameter of the EvtQuery function must specify the name of a channel or NULL.

EvtQueryFilePath

Specifies that the query is against one or more log files. The Path parameter of the EvtQuery function must specify the full path to a log file or NULL.

EvtQueryForwardDirection

Specifies that the events in the query result are ordered from oldest to newest. This is the default.

EvtQueryReverseDirection

Specifies that the events in the query result are ordered from newest to oldest.

EvtQueryTolerateQueryErrors

Specifies that EvtQuery should run the query even if part of the query generates an error (is not well formed). The service validates the syntax of the XPath query to determine if it is well formed. If the validation fails, the service parses the XPath into individual expressions. It builds a new XPath beginning with the leftmost expression. The service validates the expression and, if it is valid, adds the next expression to the XPath. The service repeats this process until it finds the expression that is failing. It then uses the valid expressions that it found, beginning with the leftmost expression, as the XPath query (which means that you may not get the events that you expected). If no part of the XPath is valid, the EvtQuery call fails.

Remarks

The EvtQueryChannelPath and EvtQueryFilePath flags are mutually exclusive. The EvtQueryForwardDirection and EvtQueryReverseDirection flags are also mutually exclusive.

You can retrieve events only in a forward direction from Debug and Analytic channels and from .evt and .etl log files.
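The rules in the Remarks, together with the EvtQueryTolerateQueryErrors behavior described above, can be checked before EvtQuery is called. The following is an added example, not code from this page or from Microsoft: the QF_* names, the qf_result codes and check_query_flags are hypothetical, the flag values are copied from the enumeration so the code builds without WinEvt.h, the path is a narrow string for brevity, and the caller is assumed to know whether the channel is a Debug or Analytic channel.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Flag values copied from EVT_QUERY_FLAGS on this page (no WinEvt.h needed). */
enum { QF_CHANNEL_PATH = 0x1, QF_FILE_PATH = 0x2, QF_FORWARD = 0x100,
       QF_REVERSE = 0x200, QF_TOLERATE = 0x1000 };

/* Hypothetical result codes for this example. */
typedef enum {
    QF_OK = 0,
    QF_ERR_UNKNOWN_BITS,  /* bits outside the documented enumeration */
    QF_ERR_PATH_KIND,     /* channel and file flags set together */
    QF_ERR_DIRECTION,     /* forward and reverse set together */
    QF_ERR_FORWARD_ONLY,  /* reverse read of a forward-only source */
    QF_WARN_TOLERANT      /* valid, but a malformed XPath may be silently cut short */
} qf_result;

/* Case-insensitive suffix match, so ".EVT" is treated like ".evt". */
static int ends_with_ci(const char *s, const char *suffix) {
    size_t n = strlen(s), m = strlen(suffix);
    if (m > n) return 0;
    for (s += n - m; *suffix; s++, suffix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*suffix)) return 0;
    return 1;
}

/* debug_or_analytic: caller-supplied knowledge of the channel type (assumption). */
qf_result check_query_flags(unsigned flags, const char *path, int debug_or_analytic) {
    const unsigned known = QF_CHANNEL_PATH | QF_FILE_PATH | QF_FORWARD |
                           QF_REVERSE | QF_TOLERATE;
    int forward_only = 0;
    if (flags & ~known) return QF_ERR_UNKNOWN_BITS;
    if ((flags & QF_CHANNEL_PATH) && (flags & QF_FILE_PATH)) return QF_ERR_PATH_KIND;
    if ((flags & QF_FORWARD) && (flags & QF_REVERSE)) return QF_ERR_DIRECTION;
    if ((flags & QF_CHANNEL_PATH) && debug_or_analytic) forward_only = 1;
    if ((flags & QF_FILE_PATH) && path &&
        (ends_with_ci(path, ".evt") || ends_with_ci(path, ".etl"))) forward_only = 1;
    if (forward_only && (flags & QF_REVERSE)) return QF_ERR_FORWARD_ONLY;
    /* Detection and audit queries should treat this as a reason to fix the XPath. */
    if (flags & QF_TOLERATE) return QF_WARN_TOLERANT;
    return QF_OK;
}

int main(void) {
    /* Constructed sample: reverse read of a legacy .evt file is rejected. */
    printf("%d\n", check_query_flags(QF_FILE_PATH | QF_REVERSE, "C:\\logs\\old.evt", 0));
    return 0;
}
```

Treating QF_WARN_TOLERANT as a failure in monitoring code keeps a malformed filter from quietly returning fewer events than the query author intended.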

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

WinEvt.h

See also

EvtQuery

 

 

© 2014 Microsoft