This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I am creating a problem to try and make my life a little easier.
Occasionally, I am asked to locate a keyword within a machines (application) Event log, and I then need to look (approx) 2 minutes after this is located to see if another keyword is there.
I can do the keyword searches, but I am having an issue with the timeframe . it seems to the searching the event logs from the originally specified time, and not up to the 2nd specified time ( ie: it's searching till the most recent log entry, not just the 1st keyword time stamp + 120seconds).
I have tried to reduce the time windows to 60 seconds, but I still get the same amount of results back (4, in my test scenario, when I should only get 2).
I'm sure I have made a mistake with the < > code, but am having trouble seeing what I have done incorrectly.
Could someone point out what tI have done wrong ?
string log = "Application";
EventLog demoLog = new EventLog(log);
EventLogEntryCollection entries = demoLog.Entries;
foreach (EventLogEntry entry in entries.Cast<EventLogEntry>())
{
if (entry.Message.Contains(_keyword))
{
richTextBox1.AppendText("Date: " + entry.TimeGenerated + Environment.NewLine);
richTextBox1.AppendText("--------------------------------" + Environment.NewLine + Environment.NewLine);
richTextBox1.AppendText(entry.Message + Environment.NewLine);
richTextBox1.AppendText(Environment.NewLine + Environment.NewLine);
----> this line foreach (EventLogEntry entry2 in entries.Cast<EventLogEntry>().Where(e => entry.TimeGenerated <= entry.TimeGenerated.AddSeconds(60)))
{
if (entry2.Message.Contains("Failed to insert"))
{
_errorCount++;
richTextBox1.AppendText("Date: " + entry2.TimeGenerated + Environment.NewLine);
richTextBox1.AppendText("--------------------------------" + Environment.NewLine + Environment.NewLine);
richTextBox1.AppendText(entry2.Message + Environment.NewLine);
richTextBox1.AppendText(Environment.NewLine + Environment.NewLine);
}
}
}
}
Thank you in advance
Consider this condition:
...Where( e => e.TimeGenerated > entry.TimeGenerated && e.TimeGenerated <= entry.TimeGenerated.AddSeconds(120))
Thank you for coming back so quickly.
I tried this code, but no errors come back, and I know there are 2 around the time frame.
The issue was/is that the timestamps on the 2nd keyword searches = the timestamp on the 1st, so I amend the line to :
...Where( e => e.TimeGenerated >= entry.TimeGenerated && e.TimeGenerated <= entry.TimeGenerated.AddSeconds(120))
and I got my 2 errors (which fall within the time frame)
THANK YOU :-)