Parsing Window Events Log

  • Kevin Keech

    In Event logs the "Type" is typically a string whereas "EventType" is an integer. This means the "Type" value is usually surrounded by quotes, but the EventType value is not. So with this in mind the following parse statement should work.

    | parse "Type = \"*\";" as type

     

  • mustafa.a.alamin

    That worked perfectly. Thank you!

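Added example, not part of the thread: a Python approximation of the parse anchor from the first comment, run over a constructed event record, showing why the quotes in the anchor keep it from matching the integer EventType field. It assumes each wildcard captures the shortest text at the first place the literal anchors match; the sample record and the function names are made up for illustration.

```python
import re

# Constructed sample record: an integer EventType field and a quoted
# string Type field in the same event, as the first comment describes.
SAMPLE_EVENT = (
    'instance of Win32_NTLogEvent\n{\n'
    '\tEventCode = 4624;\n'
    '\tEventType = 4;\n'
    '\tLogfile = "Security";\n'
    '\tType = "Audit Success";\n'
    '};'
)


def parse_anchor(pattern, message):
    """Approximate a parse-anchor expression (literal text with * wildcards).

    Assumption: each * captures the shortest run of text, and the first
    position where all literal anchors match wins. Returns the captured
    fields as a list, or None when the anchors do not match.
    """
    literals = [re.escape(part) for part in pattern.split("*")]
    match = re.search("(.*?)".join(literals), message, re.DOTALL)
    return list(match.groups()) if match else None


def extract_type_fields(message):
    """Pull the string Type and the integer EventType out of one record."""
    type_match = parse_anchor('Type = "*";', message)      # quoted string
    code_match = parse_anchor('EventType = *;', message)   # bare integer
    code = code_match[0].strip() if code_match else ""
    return {
        "type": type_match[0] if type_match else None,
        "event_type": int(code) if code.isdigit() else None,
    }


if __name__ == "__main__":
    # The quoted anchor skips 'EventType = 4;' because no quote follows '= '.
    print(parse_anchor('Type = "*";', SAMPLE_EVENT))
    # Without the quotes, 'Type = *;' is satisfied inside 'EventType = 4;'.
    print(parse_anchor('Type = *;', SAMPLE_EVENT))
    print(extract_type_fields(SAMPLE_EVENT))
```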