Logparser 2.2 on Sysevent.evt using strings

004 2008-11-23 02:18:49 0 %%827|1.1.1593.0|{9CB31878-8FED-45F4-B45F-AF8A3EC94F7A}|||||WIN|108510|S-1-5-21-1229272821-838170752-1417001333-21676|Unknown||0|44|http://go.microsoft.com/fwlink/?linkid=74409|service:W32Times;file:C:\WINDOWS\system32\w32times.exe|0|%%807|||||||Not Yet Classified|Not Yet Classified||

I have the above information in a system event log (sysevent.evt) and am trying to create a batch file that will search throughout other event logs on some of the other systems and pull out any information with the string "w32times." This is what I have tried without success; it searches through the logs but returns 0 values.

I:\LogParser>logparser -i:EVT -o:DATAGRID "SELECT EventID, TimeGenerated, EventCategory, Strings FROM c:\Temp\Sysevent.Evt WHERE EventID= '3004' AND Strings='W32Times'"

Statistics:

Elements processed: 28727 Elements output: 0 Execution time: 0.19 seconds

I have tried it with lower case letters and also used the LIKE command after strings.

13.10.2009 22:10:27
1 Answer

logparser -i:EVT -o:DATAGRID "SELECT EventID, TimeGenerated, EventCategory, Strings FROM c:\Temp\Sysevent.Evt WHERE EventID= '3004' AND Strings like '%W32Times%'"

1
13.10.2009 22:22:20
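
Why the equality test outputs 0 rows while the wildcard form matches, shown as an added example that is not part of the original question or answer: Strings holds the whole pipe-delimited record, so the comparison is made against the entire field. The Python below emulates the two predicates on the Strings value quoted in the question; `sql_like` and `resources` are hypothetical helpers, and case-insensitive matching is an assumption of this sketch.

```python
import re

# Strings field of the event quoted in the question (pipe-delimited, copied from the page).
STRINGS = (r"%%827|1.1.1593.0|{9CB31878-8FED-45F4-B45F-AF8A3EC94F7A}|||||WIN|108510|"
           r"S-1-5-21-1229272821-838170752-1417001333-21676|Unknown||0|44|"
           r"http://go.microsoft.com/fwlink/?linkid=74409|"
           r"service:W32Times;file:C:\WINDOWS\system32\w32times.exe|0|%%807|||||||"
           r"Not Yet Classified|Not Yet Classified||")


def sql_like(value, pattern):
    """SQL LIKE semantics: % is any run of characters, _ is one character,
    and the pattern must cover the whole value. Case-insensitivity is assumed."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "%" else "." if ch == "_" else re.escape(ch))
    return re.fullmatch("".join(parts), value, re.IGNORECASE | re.DOTALL) is not None


def resources(strings):
    """Pull key:value pairs out of the 'service:...;file:...' token of the field."""
    found = {}
    for token in strings.split("|"):
        if token.lower().startswith(("service:", "file:")):
            for item in token.split(";"):
                key, _, val = item.partition(":")  # split on the first colon only
                found[key] = val
    return found


if __name__ == "__main__":
    # Strings = 'W32Times' compares the whole field, so it can never be true here.
    print("equality      :", STRINGS == "W32Times")
    # LIKE without wildcards behaves like equality.
    print("LIKE no wild  :", sql_like(STRINGS, "W32Times"))
    # LIKE '%W32Times%' matches the substring anywhere in the field.
    print("LIKE wildcard :", sql_like(STRINGS, "%W32Times%"))
    print("resources     :", resources(STRINGS))
```
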