How to filter Windows event log with wildcard?
Solution 1:
The XPath selector must begin with *; however, you cannot use * to filter fields, as XPath 1.0 has no contains operator.
https://blogs.technet.microsoft.com/askds/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer/
XPath 1.0 Limitations: Windows Event Log supports a subset of XPath 1.0. There are limitations to what functions work in the query. For instance, you can use the position, Band, and timediff functions within the query but other functions like starts-with and contains are not currently supported.
Solution 2:
Use PowerShell:
Get-EventLog -LogName "System" | ?{$_.Message -like "*YourSearchString*"} | Out-GridView
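
Combining the two answers, as an added example that is not part of either answer: the part of the filter that the Event Log XPath subset can express (event IDs and a timediff window) runs in the query, and the wildcard match runs in PowerShell on what comes back. The function name, its parameters and the 48-hour window in the usage line are hypothetical.

```powershell
# Added example (not from the original answers). Names are hypothetical.
function Find-EventByWildcard {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Pattern,   # e.g. '*YourSearchString*'
        [string] $LogName   = 'System',
        [int[]]  $EventId,                          # optional list of event IDs
        [int]    $LastHours = 24,
        [int]    $MaxEvents = 5000
    )

    # Query side: only constructs the Event Log XPath subset accepts
    # (comparisons, and/or, timediff). No contains or starts-with here.
    $ms     = [int64]$LastHours * 3600 * 1000
    $system = "TimeCreated[timediff(@SystemTime) <= $ms]"
    if ($EventId) {
        $ids    = ($EventId | ForEach-Object { "EventID=$_" }) -join ' or '
        $system = "($ids) and $system"
    }
    $xpath = "*[System[$system]]"
    Write-Verbose "XPath filter: $xpath"

    # PowerShell side: wildcard match against the rendered message and
    # against each raw EventData value, since Message can be empty when
    # the provider's message resources are not installed locally.
    # SilentlyContinue hides the "no events found" error; drop it when
    # troubleshooting so access-denied errors stay visible.
    Get-WinEvent -LogName $LogName -FilterXPath $xpath -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Message -like $Pattern -or
            ($_.Properties | Where-Object { "$($_.Value)" -like $Pattern })
        } |
        Select-Object TimeCreated, Id, ProviderName, Message
}

# Usage: same wildcard as Solution 2, limited to the last 48 hours.
Find-EventByWildcard -Pattern '*YourSearchString*' -LogName 'System' -LastHours 48 -Verbose
```

Narrowing by event ID and time in the query keeps the client-side wildcard pass from having to read the whole log.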