Follow

WindowsEventLog Datasource Must Use Correct Specification to Filter Event Log

Applies To

  • Zenoss Resource Manager 5.1.x
  • Control Center 1.1.6

Summary

It is important to use the appropriate query command and source fields to enable the WindowsEventLog data source source filter to work in your environment.

Procedure

To create a custom WindowsEventLog data source using, for example, the Event Viewer source field from the Event Viewer logs, you must use the ProviderName instead of the Source.

For example, this incorrect command uses Source, and will fail:

{$$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Warning } -and { $$_.Source -Like '*SQL*' }

To create a custom WindowsEventLog data source, use the Event Viewer source field from the Event Viewer logs instead. In this case, use ProviderName, shown in the following example command:

 { ($$_.Level -le [System.Diagnostics.Eventing.Reader.StandardEventLevel]::Error) -and ($$_.ProviderName -like '*SQL*')}

Additional information about creating Microsoft Windows event log queries are located in the Microsoft Windows ZenPack ZenPack:Microsoft_Windows in the Zenoss wiki.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk