hub / github.com/saltstack/salt / query

Function query

salt/modules/win_event.py:428–515

Query a log for a specific event_id. Return the top number of records specified. Use the :py:func:`win_event.get_log_names <salt.modules.win_event.get_log_names>` to see a list of available logs on the system. .. Note:: You can use the Windows Event Viewer to create the

(log_name, query_text=None, records=20, latest=True, raw=False)

Source from the content-addressed store, hash-verified

def query(log_name, query_text=None, records=20, latest=True, raw=False):
    """
    Query a log for a specific event_id. Return the top number of records
    specified. Use the
    :py:func:`win_event.get_log_names <salt.modules.win_event.get_log_names>`
    to see a list of available logs on the system.

    .. Note::
        You can use the Windows Event Viewer to create the XPath query for the
        ``query_text`` parameter. Click on ``Filter Current Log``, configure the
        filter, then click on the XML tab. Copy the text between the two
        ``<Select>`` tags. This will be the contents of the ``query_text``
        parameter. You will have to convert some codes. For example, ``&gt;``
        becomes ``>``, ``&lt;`` becomes ``<``. Additionally, you'll need to
        put spaces between comparison operators. For example: ``this >= that``.

    Args:

        log_name (str): The name of the log to query

        query_text (:obj:`str`, optional):
            The filter to apply to the log.
            Default is ``None``.

        records (:obj:`int`, optional):
            The number of records to return.
            Default is 20

        latest (:obj:`bool`, optional):
            ``True`` will return the newest events. ``False`` will return the
            oldest events.
            Default is ``True``.

        raw (:obj:`bool`, optional):
            ``True`` will return the raw xml results. ``False`` will return the
            xml converted to a dictionary.
            Default is ``False``.

    Returns:
        list: A list of dict objects that contain information about the event

    CLI Example:

    .. code-block:: bash

        # Return the 20 most recent events from the Application log with an event ID of 22
        salt '*' win_event.query Application '*[System[(EventID=22)]]'

        # Return the 20 most recent events from the Application log with an event ID of 22
        # Return raw xml
        salt '*' win_event.query Application '*[System[(EventID=22)]]' raw=True

        # Return the 20 oldest events from the Application log with an event ID of 22
        salt '*' win_event.query Application '*[System[(EventID=22)]]' latest=False

        # Return the 20 most recent Critical (1) events from the Application log in the last 12 hours
        salt '*' win_event.query Application '*[System[(Level=1) and TimeCreated[timediff(@SystemTime) <= 43200000]]]'

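The conversion the Note describes (copy the ``<Select>`` contents, decode ``&gt;``/``&lt;``, put spaces around comparison operators), as an added example that is not part of Salt's code. The filter XML is a constructed sample and the helper names are hypothetical; spacing is applied only to ``<``, ``>``, ``<=`` and ``>=`` because the docstring's own examples write ``EventID=22`` unspaced, and the example goes slightly further than the Note by handling several ``<Select>`` elements and leaving quoted string literals untouched.

```python
import html
import re
import shlex

# Constructed sample of the Event Viewer "Filter Current Log" XML tab (not from the page).
SAMPLE_FILTER_XML = """<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=1) and TimeCreated[timediff(@SystemTime) &lt;= 43200000]]]</Select>
    <Select Path="Security">*[System[(EventID&gt;=4624 and EventID&lt;4626)]]</Select>
  </Query>
</QueryList>"""

_SELECT = re.compile(r'<Select\b[^>]*\bPath="([^"]*)"[^>]*>(.*?)</Select>', re.S)
# Either a quoted XPath string literal (kept verbatim) or a comparison operator.
_TOKEN = re.compile(r"""('[^']*'|"[^"]*")|\s*(<=|>=|<|>)\s*""")


def to_query_text(select_body):
    """Convert the text copied from between <Select> tags into query_text."""
    text = html.unescape(select_body).strip()  # &gt; -> >, &lt; -> <

    def space_operator(match):
        if match.group(1) is not None:  # string literal: leave untouched
            return match.group(1)
        return " " + match.group(2) + " "

    return _TOKEN.sub(space_operator, text)


def queries_from_filter_xml(filter_xml):
    """Return (log_name, query_text) pairs, one per <Select> element."""
    return [
        (html.unescape(path), to_query_text(body))
        for path, body in _SELECT.findall(filter_xml)
    ]


if __name__ == "__main__":
    for log_name, query_text in queries_from_filter_xml(SAMPLE_FILTER_XML):
        # shlex.quote keeps the XPath a single shell argument on the master.
        print("salt '*' win_event.query",
              shlex.quote(log_name), shlex.quote(query_text))
```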

Callers

nothing calls this directly

Calls 3

parseMethod · 0.45
appendMethod · 0.45

Tested by

no test coverage detected