TechQA.

WEVTUtil Filter from a source

1.8k views Asked by At

I have been trying to filter the Application log from WEVTUtil in order to view specific log. However, in filtering for event id 1036, there are two separate publishers. I want to be able to just get the events from MsiInstaller, but cannot for the life of me figure out how to and I can't seem to find anything on this.

wevtutil qe Application "/q:*[System [(EventID=1036)]] /f:text

This is working for me, but it is not showing me the events from MsiInstaller alone. How should I go about this.

windows powershell command-line command wevtutil
Original Q&A
2

There are 2 answers

0
Flynn On BEST ANSWER

Found an answer to my own question after enough head scratching! This filters out all the queries that have conflicting sources (ie. not the one I wanted).

wevtutil qe Application "/q:*[System [(EventID=1036)][Provider[@Name='MsiInstaller']]]" /f:text
0
Ash On

A PowerShell alternative is Get-WinEvent.

Example:

Get-WinEvent -FilterHashtable @{LogName="Application";ID=1033;ProviderName='MsiInstaller'}

You can set the log name and Event ID as necessary.

Related Questions in WINDOWS

Related Questions in POWERSHELL

Related Questions in COMMAND-LINE

Related Questions in COMMAND

Related Questions in WEVTUTIL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions