Need to filter our Information messages from Windows Event Log

Comments

3 comments

  • Avatar
    Ben Newton

    You almost have it right. It turns out that, since Events Logs are multi-line messages, you need to match the entire log message, not just a single line. I have used this successfully for another customer doing the same thing:

    (?s).*Type\s+=\s+\"Information\".*(?s).*

     

    Let me know if it doesn't work for you!

    0
    Comment actions Permalink
  • Avatar
    Ning Song

    Thanks. I try right away!

    0
    Comment actions Permalink
  • Avatar
    Ning Song

    I tried it. Seems to work.

    Thanks!

    0
    Comment actions Permalink

Please sign in to leave a comment.