I am getting an error here because the application event log is empty. I was expecting this to return True.
What are my options for checking if the event log contains records?
q:(not exists records whose ((event id of it = 1073742825) and (source of it as lowercase = "winlogon") and (description of it as lowercase contains "windows has finished checking your disk") and (now - time generated of it <30*day)) of application event log)
E: The expression could not be evaluated: Windows Error: Reached the end of the file.
and
q:exists record of application event log
E: The expression could not be evaluated: Windows Error: Reached the end of the file.
Hmm… looks like you found a bug with empty event logs (filed as bug #25450)… This expression should return false instead of an error…
I have a workaround with some crazy relevance for you… see if this works:
exists true whose (if ((not exists records whose ((event id of it = 1073742825) and (source of it as lowercase = "winlogon") and (description of it as lowercase contains "windows has finished checking your disk") and (now - time generated of it <30*day)) of application event log) ) then false else true)
(double check I didn’t get the true/false reversed…)
I ran into this same problem on a WinXP SP/3 workstation. I’m using V8. I’m very new to BigFix and not sure how to query the bugtracker. Does anyone know if this bug has been fixed in V8 or can post a link to the BugTracker so I can look it up?