EvtSeek function (winevt.h)
Seeks to a specific event in a query result set.
Syntax
BOOL EvtSeek(
[in] EVT_HANDLE ResultSet,
[in] LONGLONG Position,
[in] EVT_HANDLE Bookmark,
[in] DWORD Timeout,
[in] DWORD Flags
);
Parameters
[in] ResultSet
The handle to a query result set that the EvtQuery function returns.
[in] Position
The zero-based offset to an event in the result set. The flag that you specify in the Flags parameter indicates the beginning relative position in the result set from which to seek. For example, you can seek from the beginning of the results or from the end of the results. Set to 0 to move to the relative position specified by the flag.
[in] Bookmark
A handle to a bookmark that the EvtCreateBookmark function returns. The bookmark identifies an event in the result set to which you want to seek. Set this parameter only if the Flags parameter has the EvtSeekRelativeToBookmark flag set.
[in] Timeout
Reserved. Must be zero.
[in] Flags
One or more flags that indicate the relative position in the result set from which to seek. For possible values, see the EVT_SEEK_FLAGS enumeration.
Return value
| Return code/value | Description |
|---|---|
|
The function was successful. |
|
The function failed. To get the error code, call the GetLastError function. |
Remarks
You can use this function only on result sets from an Admin or Operational channel, or from .evtx log files.
Examples
For an example that shows how to use this function, see Bookmarking Events.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | winevt.h |
| Library | Wevtapi.lib |
| DLL | Wevtapi.dll |