EventLog XML查询筛选日期范围
似乎找不到在特定日期范围内查询事件日志的正确语法EventLog XML查询筛选日期范围,xml,windows,event-log,Xml,Windows,Event Log,似乎找不到在特定日期范围内查询事件日志的正确语法 <QueryList> <Query Id="0" Path="Security"> <Select Path="Security"> *[EventData[Data[@Name='SubjectUserName'] and (Data='test')]] and *[System[TimeCreated[@SystemTime'] &a
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
*[EventData[Data[@Name='SubjectUserName'] and (Data='test')]]
and
*[System[TimeCreated[@SystemTime'] >= '2015-01-24T00:00:000Z']]
and
*[System[TimeCreated[@SystemTime'] <= '2015-01-26T00:00:000Z']]
</Select>
</Query>
</QueryList>
*[EventData[Data[@Name='SubjectArchitectureName']和(Data='test')]]
和
*[系统[创建的时间[@SystemTime']='2015-01-24T00:00:000Z']]
和
*[系统[创建的时间[@SystemTime']='2015-01-26T00:00:000Z']]
`
<QueryList>
<Query Id="0" Path="Security">
<Select Path="Security">
*[EventData[Data[@Name='SubjectUserName'] and (Data='test')]]
and
*[System[TimeCreated[@SystemTime] >= '2015-01-24T00:00:000Z']]
and
*[System[TimeCreated[@SystemTime] <= '2015-01-26T00:00:000Z']]
</Select>
</Query>
</QueryList>'
`
*[EventData[Data[@Name='SubjectArchitectureName']和(Data='test')]]
和
*[System[TimeCreated[@SystemTime]='2015-01-24T00:00:000Z']
和
*[System[TimeCreated[@SystemTime]='2015-01-26T00:00:000Z']
'
此语法错误:[System[TimeCreated[@SystemTime]=…
它必须是[System[TimeCreated[@SystemTime=…
见下面我的更正
<QueryList>
<Query Id="0" Path="System">
<Select Path="System">
*[System[TimeCreated[@SystemTime>='2017-12-28T00:00:00' and @SystemTime<='2018-01-04T00:00:00']]]
</Select>
</Query>
</QueryList>
*[系统[创建的时间[@SystemTime='2017-12-28:00:00'和@SystemTime='2018-01-04T00:00:00']]