2.2.17 Result Set

An event query or subscription returns multiple events in the result set. The result set is a buffer containing one or more variable length EVENT_DESCRIPTOR structures, as specified in [MS-DTYP] section 2.3.1. Methods that return multiple events always return an array of offsets into the buffer for the individual events.

The records are transferred as a set of bytes. All integer fields in this structure MUST be in little-endian byte order (that is, least significant byte first).


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

totalSize

headerSize

eventOffset

bookmarkOffset

binXmlSize

eventData (variable)

...

numberOfSubqueryIDs

subqueryIDs (variable)

...

bookMarkData (variable)

...

totalSize (4 bytes): A 32-bit unsigned integer that contains the total size in bytes of this structure, including the header.

headerSize (4 bytes): This MUST always be set to 0x00000010.

eventOffset (4 bytes): This MUST always be set to 0x00000010.

bookmarkOffset (4 bytes): A 32-bit unsigned integer that contains the byte offset from the start of this structure to bookMarkData.

binXmlSize (4 bytes): Size in bytes of the BinXml data in the eventData field.

eventData (variable):  A byte-array that contains variable length BinXml data.

numberOfSubqueryIDs (4 bytes):  Number of subqueryIDs fields that follow. This is 0 if the event is selected by an XPath expression (rather than a structured XML query).

subqueryIDs (variable):  An array of subquery IDs. Events that are selected using a structured XML query can be selected by one or more subqueries. Each subquery has either an ID specified in the XML element that defines the subquery, or defaults to 0xFFFFFFFF. This list has an entry for each subquery that matches the event. If two subqueries select the event, and both use the same ID, the ID only is listed once.

bookMarkData (variable): A byte-array that contains variable length bookmark data, as specified:

A query can refer to several channels or backup event logs. A subscription can refer to several channels. To accurately record the state of a query, it is necessary to know where the file cursor (bookmark) is with respect to those channels or backup event logs. The bookmark data is encoded as follows. Note that all integer fields in this structure MUST be in little-endian byte order (that is, least significant byte first).


0


1


2


3


4


5


6


7


8


9

1
0


1


2


3


4


5


6


7


8


9

2
0


1


2


3


4


5


6


7


8


9

3
0


1

bookmarkSize

headerSize

channelSize

currentChannel

readDirection

recordIdsOffset

logRecordNumbers (variable)

...

bookmarkSize (4 bytes): A 32-bit unsigned integer that contains the total size in bytes of the bookmark, including the header and logRecordNumbers.

headerSize (4 bytes): A 32-bit unsigned integer, and MUST be set to 0x00000018.

channelSize (4 bytes):  A 32-bit unsigned integer that contains the number of channels in the query. This is the number of elements in logRecordNumbers.

currentChannel (4 bytes):  A 32-bit unsigned integer that indicates what channel the current event is from.

readDirection (4 bytes): A 32-bit unsigned integer that contains the read direction. 0x00000000 indicates chronological order based on time written, and 0x00000001 indicates reverse order.

recordIdsOffset (4 bytes): A 32-bit unsigned integer that contains the byte offset from the start of the header to logRecordNumbers.

logRecordNumbers (variable):  An array of 64-bit unsigned integers that contain the record numbers for each of the channels or backup event logs. The order of the record numbers MUST match the order of the channels or backup event logs in the query (for example, the first channel in the query corresponds to the first member of the array).

Show: