Query Schema
The Query Schema defines the following elements and types that you can use to write a structured XML query to retrieve events from a channel or log file:
The elements section contains the names of the elements that you use in your query; however, to get the details for each element, see the complex type that contains the element.
A query can contain one or more XPath expressions that are used to include or exclude event in the query result set. You can query for events from multiple channels or log files but you cannot mix channels and log files. You can use a query in any function that takes an XPath (for example, the EvtQuery or EvtSubscribe functions). Each XPath that you specify is limited to 32 expressions. For an example, see Consuming Events.
The Windows SDK includes the schema in the \Include\Query.xsd file.
In addition to the Query schema, Windows Event Log also defines the following schemas:
- EventManifest Schema—defines the elements and types used to write an instrumentation manifest.
- Event Schema—defines the elements and types used to render an event.
Related topics
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for