EvtGetEventInfo function (winevt.h)
Gets information that identifies the structured XML query that selected the event and the channel or log file that contained the event.
Syntax
BOOL EvtGetEventInfo(
[in] EVT_HANDLE Event,
[in] EVT_EVENT_PROPERTY_ID PropertyId,
[in] DWORD PropertyValueBufferSize,
[in] PEVT_VARIANT PropertyValueBuffer,
[out] PDWORD PropertyValueBufferUsed
);
Parameters
[in] Event
A handle to an event for which you want to retrieve information.
[in] PropertyId
A flag that identifies the information to retrieve. For example, the query identifier or the path. For possible values, see the EVT_EVENT_PROPERTY_ID enumeration.
[in] PropertyValueBufferSize
The size of the PropertyValueBuffer buffer, in bytes.
[in] PropertyValueBuffer
A caller-allocated buffer that will receive the information. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
[out] PropertyValueBufferUsed
The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Return value
| Return code/value | Description |
|---|---|
|
The function succeeded. |
|
The function failed. Use the GetLastError function to get the error code. |
Remarks
If the query that you passed to EvtQuery or EvtSubscribe was an XPath instead of a structured XML query, the query identifier will be zero and the path will be the path that you passed to the function.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | winevt.h |
| Library | Wevtapi.lib |
| DLL | Wevtapi.dll |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for