We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

LIKE in EventLog Message columnRSS

1 reply

Last post Mar 24, 2004 08:15 AM by Anonymous

  • LIKE in EventLog Message column

    Mar 23, 2004 02:53 PM|Anonymous|LINK

    I am trying to perform the following query:

    SELECT
     TO_STRING(TO_LOCALTIME(TimeGenerated), 'MM/dd/yyyy') AS HitDate,
     COUNT(*) AS Hits
    FROM ApplicationLog*.Evt
    TO EventLog.csv
    WHERE (Message LIKE '%10061%')
    GROUP BY HitDate
    ORDER BY HitDate

    The query returns 0 records. I had another query that used "WHERE SourceName = 'COM+'" and that worked fine. Is there an issue with using LIKE on the Message field? Are there limitations that I'm not aware of?

    Thanks.

    EVT input format

  • Re: LIKE in EventLog Message column

    Mar 24, 2004 08:15 AM|Anonymous|LINK

    Well, this is a well-written query, I can't see why it shouldn't work...

    Just a couple of possibilities:

    - Are you executing the command in a batch file? If so, the cmd shell will replace %10061% with the value of the environment variables (most likely an empty string); to workaround this, I think you should type '%%10061%%' or '^%10061^%'

    - Are you 100% sure that there are messages containing '10061' ?

    P.S.: a FYI regarding your ORDER BY: your HitDate is a STRING now, so the ordering happens lexicographically, i.e. 01/02/2004 comes BEFORE 02/01/1999...is this really what you want?

    ------------------------------
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm

    EVT input format