QueryType Complex Type
Defines a set of selector and suppressor queries that are used to include events in or exclude events from the result set.
<xs:complexType name="QueryType">
<xs:choice
maxOccurs="unbounded"
>
<xs:element name="Select">
<xs:complexType
mixed="true"
>
<xs:attribute name="Path"
type="anyURI"
/>
</xs:complexType>
</xs:element>
<xs:element name="Suppress">
<xs:complexType
mixed="true"
>
<xs:attribute name="Path"
type="anyURI"
/>
</xs:complexType>
</xs:element>
</xs:choice>
<xs:attribute name="Id"
type="long"
use="optional"
/>
<xs:attribute name="Path"
type="anyURI"
use="optional"
/>
</xs:complexType>
Child elements
| Element | Type | Description |
|---|---|---|
| Select | An XPath query that identifies the events to include in the query result set. Specify the XPath in the text body of this element. The XPath is limited to 32 expressions. |
|
| Suppress | An XPath query that identifies the events to exclude from the query result set. Specify the XPath in the text body of this element. The XPath is limited to 32 expressions. |
Attributes
| Name | Type | Description |
|---|---|---|
| Id | long | An identifier that uniquely identifies this query in your list of queries. The identifier is zero-based. You must specify an identifier if your query list contains more than one query. |
| Path | anyURI | The name of the channel or the path to the log file that contains the events. |
| Path | anyURI | The name of the channel or the path to the log file that contains the events. |
| Path | anyURI | Not used. |
Remarks
The query must have at least one select statement. For each suppress statement, there must be at least one select statement that specifies the same path. If the select and suppress query return the same events, the suppress statement takes precedence. If you select events from multiple sources, the events are returned in time stamp order. If you use the system time stamp and the rate of events is high, it is possible that more than one event will have the same time stamp. When this occurs, the ordering of events becomes ambiguous and the events may appear out of order.
If you specify a path for one of the queries in the list of queries, all of the queries must specify a path. If you do not specify a path for all of the queries, you must specify the path when calling the EvtQuery or EvtSubscribe function.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client |
Windows Vista [desktop apps only] |
| Minimum supported server |
Windows Server 2008 [desktop apps only] |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for