Filtering TimeGenerated in WQL

Anything VBScript-related, including Windows Script Host, WMI, ADSI, and more.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
EBrant
Posts: 99
Joined: Thu Feb 02, 2012 1:51 am

Filtering TimeGenerated in WQL

Post by EBrant » Fri Nov 30, 2012 1:21 am

Hello All

Can someone please help me with the following question.


I have a script as follows:

Basically it echos Ernie to the screen for every 1001 event "as long as the event was created today"

Now what I would like to do is filter the WQL further by adding AND TimeGenerated

for example TempStr below is 20121130 (as today is the 30 Nov 2012)

Therefore I want to say something like AND TimeGenerated LIKE 'TempStr%' but this does not work.

Can someone please tell me how I can use TimeGenerated in WQL comparing to a variable like todays date for example to only pull back todays event, rather than all the "If Then Next" I am doing.

Thanks All in advance

On Error Resume Next

Dim objWMIService, colItems, objItem, today, day1, month1, year1, TempStr

today = Cstr(Date())
day1 = Left(today,2)
month1 = mid(today,4,2)
year1 = Right(today,4)
TempStr = year1 & month1 & day1



Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}.rootcimv2")
'Set colItems = objWMIService.ExecQuery ("Select * FROM Win32_NtLogEvent WHERE LogFile = 'Application' AND EventCode = 1001 AND TimeGenerated LIKE ''")

Set colItems = objWMIService.ExecQuery ("Select * FROM Win32_NtLogEvent WHERE LogFile = 'Application' AND EventCode = 1001")

For Each objItem in colItems


If mid(objItem.timegenerated,7,2) = day1 Then
If mid(objItem.timegenerated,5,2) = month1 Then
If left(objItem.timegenerated,4) = year1 Then

WScript.Echo "Ernie"


End If
End If
End If


Next
On Error GoTo 0

User avatar
jvierra
Posts: 13266
Joined: Tue May 22, 2007 9:57 am
Contact:

Filtering TimeGenerated in WQL

Post by jvierra » Fri Nov 30, 2012 9:54 am

Just use the WMI helper for datetimes:
http://msdn.microsoft.com/en-us/library ... s.85).aspx

THis allows ytou to convert the stringinto a real datetime object and use it with VBscript or with PowerShell, C, C++ C# etc.

User avatar
EBrant
Posts: 99
Joined: Thu Feb 02, 2012 1:51 am

Filtering TimeGenerated in WQL

Post by EBrant » Fri Nov 30, 2012 8:09 pm

Thanks Jim, I will check it out :)
Ernie

Locked