This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 63%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYM%3C/text%3E%3C/svg%3E)
Hi!
I'm writing a C++ program dealing with Windows events logs.
But I'm confusing how can I parse all details information under the tag EventData from a Windows event record?
Here's what I know so far:
The following picture is a snapshot from Microsoft Learn, and the lines marked red is what I wanna get.
Thanks for helping!! :)
Kevin Chiu
Hi @Anonymous You could refer to this document: Retrieving Event Data Using MOF
Or you could use EvtCreateRenderContext with EvtRenderContextValues to get specific properties from the event. See the sample Rendering Events
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Thanks @Drake Wu - MSFT for your help!
I'm figuring out your suggestion and trying to merge it into my program.
I'll update this thread if I'm still stuck. : )