wevtutil qe Application

-

hi all,

i'm struggling query event , hoping may able help, query is:

wevtutil qe application "/q:*[application [(eventid=2)]]" /f:text /rd:true > c:\temp\eventid_1530.txt

the event i'm searching is:

- <event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">  - <system>    <provider name="microsoft-windows-search-profilenotify" guid="{fc6f77dd-769a-470e-bcf9-1b6555a118be}" eventsourcename="windows search service profile notification" />     <eventid qualifiers="49152">2</eventid>     <version>0</version>     <level>2</level>     <task>0</task>     <opcode>0</opcode>     <keywords>0x80000000000000</keywords>     <timecreated systemtime="2014-10-30t15:14:42.000000000z" />     <eventrecordid>59415</eventrecordid>     <correlation />     <execution processid="0" threadid="0" />     <channel>application</channel>     <computer>pc.domain.local</computer>     <security />     </system>  - <eventdata>    <data name="useraccount">domain\user</data>     <data name="errorcode">0x80004005</data>     <data name="errormessage">unspecified error</data>     <binary />     </eventdata>    </event>
take , let me know think?

hello,

based on test, seems command incorrect. please try run following command again. believe command wantd.

wevtutil query-events application /q:"event[system[(eventid=2)]]" /rd:true /format:text > c:\test.txt

if post helps you, please click mark answer button @ top of message. marking post answered, others find answer faster.



Windows Server  >  Windows Server General Forum



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- -------------- ---------      -------------- false   no             failed         {} issue appreciated. hi, i think should st
Read more

Disconnecting from a Windows Server 2012 R2 file sharing session on a Windows 7,8,10 machine

-
i've been trying disconnect server while , haven't been able to. there quick way this? i've used net session , net user , work sometime never consistent. can task? hi yrusad, thanks post. does work when check “computer management > system tools > shared folders > open files/sessions”. directly manage from gui. and based on knowledge, quick way mentioned net session /delete /y. mean never consistent? best regards, mary please remember mark replies answers if , unmark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Windows Server 2012 General
Read more

Event ID 64,77,1008 Certificates Events Windows Server 2008, 2008R2

-
hi guys, i need event ids. event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? event id 77 - 1 strange me. warning , in same time don't see suspicious: "windows default" policy module logged following warning: active directory connection <domain controller name> has been reestablished <domain controller name>. have 4 dcs. should check or ignore these messages. event id 1008 - "certificate services client: credential roaming not performed because number of tokens in local store has exceeded limit." - i've checked articles credential roaming i'm not sure should do. if give tips , answers, great. in advance. hi, event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? i assume these
Read more