4.5 Structured Query Example

The following is an example of a structured XML query. It contains two subqueries with the IDs of 1 and 2.

 <?xml version="1.0" encoding="UTF-8"?>
 <QueryList>
 <Query Id="1" Path="System">
 <Select Path="Microsoft-Windows-PrintSpooler/Operational">
 *[System/Level=1]
 </Select>
 <Select>*[System/Level=2]</Select>
  <Suppress>*[UserData/*/PrinterName="MyPrinter"]</Suppress>
 </Query>
 <Query Id="2" Path="file://c:/dir1/dir2/file.evtx">
 <Select>*[System/Level=2]</Select>
 </Query>
 </QueryList>