Home/ Questions/Q 7649917
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T11:06:59+00:00

I’m trying to read data from the WMI Win32_NTLogEvent class, but I only want

  • 0

I’m trying to read data from the WMI Win32_NTLogEvent class, but I only want to read instances where TimeWritten falls within a date range.

I’m using the WMI module for Python which allows for a pure WMI Query(1) or a parameterized approach(2):

  1. c.query("Select SourceName, Message from Win32_NTLogEvent where EventType =1, Logfile = \"Application\"")

  2. c.Win32_NTLogEvent(EventType =1, Logfile = "Application")

The problem is, I can’t seem to get either to accept my date arguments. I’ve tried several date formats including the rather obscure WMI style, and my only success was using the 2nd approach above with the = operator, which doesn’t really help:

c.Win32_NTLogEvent(EventType =1, Logfile = "Application", TimeWritten = "20110421013749.000000-000")

I know I could filter the result set in my Python code, but I’m fairly certain this can be done in the query. I guess I’m just missing something. Anyone have suggestions?

Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    your WQL sentence is wrong

    Replace this code

    c.query("Select SourceName, Message from Win32_NTLogEvent where EventType =1, Logfile = \"Application\"")

    by this one 

    c.query("Select SourceName, Message from Win32_NTLogEvent where EventType =1 AND Logfile = \"Application\" AND TimeWritten<=\"20110421013749.000000-000\" ")

    Note : I don’t know much about python (but i know a couple of things about the WMI), so maybe you must escape the special chars in another way.

    • 0