I want to extract only some information from the Windows event viewer by applying a BigFix analysis, for example from the following message:
The Time Zone Data Update tool for Microsoft Office Outlook completed.
2 items updated in ‘Mailbox - Wilson, Peta’. Additional information in
C:\DOCUME~1\Username\LOCALS~1\Temp\Outlook Time Zone Update.log
I need to get:
2 Items updated in ‘Mailbox - Wilson, Peta’ and
Username
I tried this; however, the text is larger.
concatenation "&" of substrings after "completed" of descriptions of records whose (description of it contains "items updated in") of application event log
Here is an example of relevance string parsing (using “following text” and “preceding text”):
q: (preceding text of first "." of following text of first "completed." of it & ", " & preceding text of first "\" of following text of first "\" of following text of first ":" of it) of "The Time Zone Data Update tool for Microsoft Office Outlook completed. 2 items updated in ‘Mailbox - Wilson, Peta’. Additional information in C:\DOCUME~1\Username\LOCALS~1\Temp\Outlook Time Zone Update.log"
A: 2 items updated in ‘Mailbox - Wilson, Peta’, Username
Which can end up as something like:
q: (preceding text of first "." of following text of first "completed." of it & ", " & preceding text of first "\" of following text of first "\" of following text of first ":" of it) of descriptions of records whose (description of it contains "items updated in") of application event log
I can’t test it here, but see if that works for you.
If the format isn’t consistent across computers, this may need to be adjusted… Also note that the event log inspectors can be relatively slow (a couple of seconds)… I recommend you collect this data infrequently.
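
The delimiter chain from the answer above, modelled in Python as an added example (not part of the original posts and not BigFix relevance). It shows where splitting on the first "." truncates the result and how anchoring on the fixed phrase "Additional information in" avoids that. The function names, the TRICKY and OTHER descriptions, and the assumption that the user name is the second path component are constructed for illustration.

```python
# Added example: Python model of "following text" / "preceding text" parsing.
# TRICKY and OTHER are constructed inputs; SAMPLE is the message from the thread.

def following(s, marker):
    """Text after the first occurrence of marker; None if s is None or marker is absent."""
    if s is None:
        return None
    _, sep, tail = s.partition(marker)
    return tail if sep else None

def preceding(s, marker):
    """Text before the first occurrence of marker; None if s is None or marker is absent."""
    if s is None:
        return None
    head, sep, _ = s.partition(marker)
    return head if sep else None

def user_from_path(text):
    """Second path component after the first ':' (assumed profile layout)."""
    return preceding(following(following(following(text, ":"), "\\"), "\\"), "\\")

def extract_by_punctuation(desc):
    """Same delimiters as the relevance in the answer: first '.' and first ':'."""
    summary = preceding(following(desc, "completed."), ".")
    user = user_from_path(desc)
    return None if summary is None or user is None else (summary.strip(), user)

def extract_by_phrase(desc):
    """Variant that splits on the fixed phrase instead of the first '.'."""
    anchor = "Additional information in"
    summary = preceding(following(desc, "completed."), anchor)
    user = user_from_path(following(desc, anchor))
    if summary is None or user is None:
        return None  # description does not have the expected shape
    return summary.strip().rstrip("."), user

HEAD = "The Time Zone Data Update tool for Microsoft Office Outlook completed. "
SAMPLE = (HEAD + "2 items updated in ‘Mailbox - Wilson, Peta’. Additional information in "
          "C:\\DOCUME~1\\Username\\LOCALS~1\\Temp\\Outlook Time Zone Update.log")
# Constructed: mailbox name that itself contains a period.
TRICKY = (HEAD + "1 items updated in ‘Mailbox - Smith, A.’. Additional information in "
          "C:\\DOCUME~1\\asmith\\LOCALS~1\\Temp\\Outlook Time Zone Update.log")
# Constructed: unrelated record that still matches the "items updated in" filter.
OTHER = "5 items updated in catalog"

if __name__ == "__main__":
    for d in (SAMPLE, TRICKY, OTHER):
        print(extract_by_punctuation(d), "|", extract_by_phrase(d))
```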