EvtSeek function (winevt.h)

Seeks to a specific event in a query result set.

Syntax

BOOL EvtSeek(
  [in] EVT_HANDLE ResultSet,
  [in] LONGLONG   Position,
  [in] EVT_HANDLE Bookmark,
  [in] DWORD      Timeout,
  [in] DWORD      Flags
);

Parameters

[in] ResultSet

The handle to a query result set that the EvtQuery function returns.

[in] Position

The zero-based offset to an event in the result set. The flag that you specify in the Flags parameter indicates the beginning relative position in the result set from which to seek. For example, you can seek from the beginning of the results or from the end of the results. Set to 0 to move to the relative position specified by the flag.

[in] Bookmark

A handle to a bookmark that the EvtCreateBookmark function returns. The bookmark identifies an event in the result set to which you want to seek. Set this parameter only if the Flags parameter has the EvtSeekRelativeToBookmark flag set.

[in] Timeout

Reserved. Must be zero.

[in] Flags

One or more flags that indicate the relative position in the result set from which to seek. For possible values, see the EVT_SEEK_FLAGS enumeration.

Return value

Return code/value Description
TRUE
The function was successful.
FALSE
The function failed. To get the error code, call the GetLastError function.

Remarks

You can use this function only on result sets from an Admin or Operational channel, or from .evtx log files.

Examples

For an example that shows how to use this function, see Bookmarking Events.

Requirements

   
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header winevt.h
Library Wevtapi.lib
DLL Wevtapi.dll

See also

EvtNext

EvtQuery