004 2008-11-23 02:18:49 0 %%827|1.1.1593.0|{9CB31878-8FED-45F4-B45F-AF8A3EC94F7A}|||||WIN|108510|S-1-5-21-1229272821-838170752-1417001333-21676|Unknown||0|44|http://go.microsoft.com/fwlink/?linkid=74409|service%3AW32Times;file%3AC:\WINDOWS\system32\w32times.exe|0|%%807|||||||Not Yet Classified|Not Yet Classified||

I have the above information in a system event log (sysevent.evt) and am trying to create a batch file that will search throughout other event logs on some of the other systems and pull out any information with the string "w32times." This is what I have tried without success; it searches through the logs but returns 0 values.

I:\LogParser>logparser -i:EVT -o:DATAGRID "SELECT EventID, TimeGenerated, EventCategory, Strings FROM c:\Temp\Sysevent.Evt WHERE EventID= '3004' AND Strings='W32Times'"

Statistics:

Elements processed: 28727
Elements output: 0
Execution time: 0.19 seconds

I have tried it with lower case letters and also used the LIKE command after Strings.

A: 

logparser -i:EVT -o:DATAGRID "SELECT EventID, TimeGenerated, EventCategory, Strings FROM c:\Temp\Sysevent.Evt WHERE EventID= '3004' AND Strings like '%W32Times%'"

DmitryK
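Why the `=` comparison returns 0 rows while the `LIKE '%W32Times%'` form matches, as an added Python example that is not part of the original question or answer: the Strings column holds the whole pipe-delimited record, so only a substring test can hit it. The first record uses the Strings value from the question; the other records, the host names and the helper names are constructed for illustration, and the case folding in `contains` is an assumption of this sketch.

```python
from urllib.parse import unquote

# Strings value copied from the event in the question.
PAGE_STRINGS = (
    r"%%827|1.1.1593.0|{9CB31878-8FED-45F4-B45F-AF8A3EC94F7A}|||||WIN|108510|"
    r"S-1-5-21-1229272821-838170752-1417001333-21676|Unknown||0|44|"
    r"http://go.microsoft.com/fwlink/?linkid=74409|"
    r"service%3AW32Times;file%3AC:\WINDOWS\system32\w32times.exe|0|%%807|||||||"
    r"Not Yet Classified|Not Yet Classified||"
)

# Constructed records: (host, event id, Strings). Host names are hypothetical.
RECORDS = [
    ("HOST-A", 3004, PAGE_STRINGS),
    ("HOST-B", 3004, r"%%827|1.1.1593.0|service%3ASpooler;file%3AC:\WINDOWS\system32\spoolsv.exe|0"),
    ("HOST-C", 7036, "W32Times|running"),
]

def equals(strings, needle):
    """Models Strings = 'needle': true only if the entire field is the needle."""
    return strings == needle

def contains(strings, needle):
    """Models Strings LIKE '%needle%'; case is folded here so 'w32times' also hits."""
    return needle.lower() in strings.lower()

def resources(strings):
    """Decode 'service%3A...;file%3A...' style fields into (kind, value) pairs."""
    pairs = []
    for field in strings.split("|"):
        if "%3a" not in field.lower():
            continue
        for item in field.split(";"):
            kind, sep, value = unquote(item).partition(":")
            if sep:
                pairs.append((kind, value))
    return pairs

def hunt(records, event_id, needle):
    """Return (host, resources) for records with this event id whose Strings contain needle."""
    return [(host, resources(s)) for host, eid, s in records
            if eid == event_id and contains(s, needle)]

if __name__ == "__main__":
    print("equality hits:", sum(equals(s, "W32Times") for _, _, s in RECORDS))
    for host, found in hunt(RECORDS, 3004, "w32times"):
        print(host, found)
```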