Is it possible to filter WMI queries using a 'where' clause?

(imported topic written by drbyars91)

For example:

selects "* from Win32_NTLogEvent Where

Logfile=‘Security’ and eventcode= ‘123’" of wmi

I’ve tried several variations with no success so my assumption is that the where clause is not supported by the BigFix inspector?

(imported comment written by SystemAdmin)

Your assumption is not correct, but is a bit mis-stated.

I believe the where clause isn’t ‘specifically’ supported by the Bigfix inspector directly, but it passes the entire query over to the OS to handle, which is why you will get a windows specific error back if the query isn’t written correctly. Or even if it is written correctly, you may not get any results back.

Your query works fine on my machine - but just comes back with no data. When you try working with WMI queries, you might try being a bit less restrictive with your Where filter parameters to ensure you get at least some data back. Once you do, you can examine the results and fine tune your query.

Alternatively, using the forums Search function and entering “WMI where” (without the quotes) would have provided you with a good number of posts from which you could have figured out that A) the ‘Where’ clause can be used and B) how to use it.

-Jim

(imported comment written by SystemAdmin)

The select statement is correct other than the line break. I tried the same thing in RD, but changing eventcode from 123 (which I don’t have) to 1100 (which is in my security events).

selects “* from Win32_NTLogEvent Where Logfile=‘Security’ and EventCode= ‘1100’” of wmi

-Paul

(imported comment written by BenKus)

I don’t think this has much to do with BigFix if it isn’t working… As far as I know, ‘where’ clause support in WMI was added in XP (or maybe Vista?) so if you have older OSes, wmi where causes won’t work…

Ben