EvtSeek function

Seeks to a specific event in a query result set.

Syntax


BOOL WINAPI EvtSeek(
  _In_ EVT_HANDLE ResultSet,
  _In_ LONGLONG   Position,
  _In_ EVT_HANDLE Bookmark,
  _In_ DWORD      Timeout,
  _In_ DWORD      Flags
);

Parameters

ResultSet [in]

The handle to a query result set that the EvtQuery function returns.

Position [in]

The zero-based offset to an event in the result set. The flag that you specify in the Flags parameter indicates the position in the result set from which the seek begins. For example, you can seek from the beginning of the results or from the end of the results. Set to 0 to move to the relative position specified by the flag.

Bookmark [in]

A handle to a bookmark that the EvtCreateBookmark function returns. The bookmark identifies an event in the result set to which you want to seek. Set this parameter only if the Flags parameter has the EvtSeekRelativeToBookmark flag set.

Timeout [in]

Reserved. Must be zero.

Flags [in]

One or more flags that indicate the relative position in the result set from which to seek. For possible values, see the EVT_SEEK_FLAGS enumeration.

Return value

Return code/value    Description
TRUE                 The function was successful.
FALSE                The function failed. To get the error code, call the GetLastError function.

Remarks

You can use this function only on result sets from an Admin or Operational channel, or from .evtx log files.

Examples

For an example that shows how to use this function, see Bookmarking Events.
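
The following is an added example, not part of the original reference or of the Bookmarking Events sample. It checks the argument rules stated under Parameters and then, on Windows, seeks to the event just after a bookmarked one; check_seek_args, resume_after_bookmark and the CHK_* codes are hypothetical names, and the numeric flag values in the non-Windows branch are copied from the EVT_SEEK_FLAGS enumeration so the check also builds off Windows.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <winevt.h>
#else
/* Values copied from EVT_SEEK_FLAGS in WinEvt.h so the check builds off Windows. */
enum { EvtSeekRelativeToFirst = 1, EvtSeekRelativeToLast = 2,
       EvtSeekRelativeToCurrent = 3, EvtSeekRelativeToBookmark = 4,
       EvtSeekOriginMask = 7, EvtSeekStrict = 0x10000 };
#endif

/* Hypothetical result codes for this example (not part of the Windows API). */
enum seek_check { CHK_OK, CHK_NO_RESULTSET, CHK_BAD_FLAGS,
                  CHK_BOOKMARK_MISSING, CHK_BOOKMARK_UNEXPECTED };

/* Check EvtSeek arguments against the rules in the Parameters section. */
enum seek_check check_seek_args(const void *resultSet, const void *bookmark,
                                unsigned long flags)
{
    unsigned long origin = flags & EvtSeekOriginMask;
    unsigned long known = (unsigned long)EvtSeekOriginMask | EvtSeekStrict;
    if (resultSet == NULL)
        return CHK_NO_RESULTSET;
    /* Exactly one seek origin, and no bits outside origin + EvtSeekStrict. */
    if (origin < EvtSeekRelativeToFirst || origin > EvtSeekRelativeToBookmark ||
        (flags & ~known) != 0)
        return CHK_BAD_FLAGS;
    /* Bookmark is set only when seeking relative to a bookmark. */
    if (origin == EvtSeekRelativeToBookmark && bookmark == NULL)
        return CHK_BOOKMARK_MISSING;
    if (origin != EvtSeekRelativeToBookmark && bookmark != NULL)
        return CHK_BOOKMARK_UNEXPECTED;
    return CHK_OK;
}

#ifdef _WIN32
/* Resume at the event after the bookmarked one (offset 0 is the bookmarked
   event itself). EvtSeekStrict makes the call fail if the target does not exist. */
DWORD resume_after_bookmark(EVT_HANDLE results, EVT_HANDLE bookmark)
{
    DWORD flags = EvtSeekRelativeToBookmark | EvtSeekStrict;
    if (check_seek_args(results, bookmark, flags) != CHK_OK)
        return ERROR_INVALID_PARAMETER;
    if (!EvtSeek(results, 1, bookmark, 0, flags)) /* Timeout is reserved: 0 */
        return GetLastError();
    return ERROR_SUCCESS;
}
#endif
```

A log reader that resumes this way should treat any nonzero return as a reason to stop and investigate, not to restart from the first event.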

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

WinEvt.h

Library

Wevtapi.lib

DLL

Wevtapi.dll

See also

EvtNext
EvtQuery