We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

LIKE in EventLog Message columnRSS

1 reply

Last post Mar 24, 2004 08:15 AM by Anonymous

  • LIKE in EventLog Message column

    Mar 23, 2004 02:53 PM|Anonymous|LINK

    I am trying to perform the following query:

     TO_STRING(TO_LOCALTIME(TimeGenerated), 'MM/dd/yyyy') AS HitDate,
     COUNT(*) AS Hits
    FROM ApplicationLog*.Evt
    TO EventLog.csv
    WHERE (Message LIKE '%10061%')
    GROUP BY HitDate
    ORDER BY HitDate

    The query returns 0 records. I had another query that used "WHERE SourceName = 'COM+'" and that worked fine. Is there an issue with using LIKE on the Message field? Are there limitations that I'm not aware of?


    EVT input format

  • Re: LIKE in EventLog Message column

    Mar 24, 2004 08:15 AM|Anonymous|LINK

    Well, this is a well-written query, I can't see why it shouldn't work...

    Just a couple of possibilities:

    - Are you executing the command in a batch file? If so, the cmd shell will replace %10061% with the value of the environment variables (most likely an empty string); to workaround this, I think you should type '%%10061%%' or '^%10061^%'

    - Are you 100% sure that there are messages containing '10061' ?

    P.S.: a FYI regarding your ORDER BY: your HitDate is a STRING now, so the ordering happens lexicographically, i.e. 01/02/2004 comes BEFORE 02/01/1999...is this really what you want?

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm

    EVT input format