Esteban
10/20/2020, 4:09 PMseph
10/20/2020, 4:17 PMEsteban
10/20/2020, 4:20 PMalessandrogario
10/20/2020, 4:55 PMseph
10/20/2020, 5:15 PMalessandrogario
10/20/2020, 5:17 PMWHERE channel =
clause and also set a configurable limit of events that can be read from the event sourceseph
10/20/2020, 6:17 PMEsteban
10/21/2020, 1:13 PMseph
10/21/2020, 1:19 PMselect * from windows_eventlog
is the issue. That attempts to read most events into ram, and likely cause issues. Though I thought it had a required channel
and xpath
Though it’s a bit weird and complicated)Esteban
10/21/2020, 1:24 PMWHERE
clause and it "crashes", i usually do that way and works fine but i've never tested it with xpath
seph
10/21/2020, 2:14 PMEsteban
10/21/2020, 2:19 PMseph
10/21/2020, 2:20 PMselect * from windows_eventlog
, I get back an error. My device is not hung,select * from windows_eventlog where channel = "Security"
it’s taking a long time to return these results.Esteban
10/21/2020, 2:34 PMseph
10/21/2020, 2:35 PMEsteban
10/21/2020, 2:35 PMAkshay Kumar
10/21/2020, 2:40 PMwindows_eventlog
query without WHERE clause should return error log. It requires a channel or xpath to query the events. Also if you are querying the events without other constraints, it may take longer time depending on the number of events in the security
or Application
channel.Esteban
10/21/2020, 2:43 PMseph
10/21/2020, 2:46 PMAkshay Kumar
10/21/2020, 2:50 PMmax_windows_eventlog_events
flag with the query as suggested by @alessandrogario. This will reduce the query time.seph
10/21/2020, 2:51 PMAkshay Kumar
10/21/2020, 2:55 PMEsteban
10/21/2020, 2:55 PM