QRadar WinCollect: How to use Microsoft Event Viewer to create an XPath Query

Troubleshooting

Problem

The Microsoft® Event Viewer can be used to create an XPath query. An XPath query allows administrators to explicitly include or exclude specific events. An XPath query can also be used for instances where you have applications that require custom logging of events.

[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtwAAA","label":"WinCollect"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.3.3;7.4.0;7.4.1;7.4.2"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Was this topic helpful?

Document Information

More support for:
IBM Security QRadar SIEM

Component:
WinCollect

Software version:
7.3.3, 7.4.0, 7.4.1, 7.4.2

Document number:
6416015

Modified date:
23 March 2021

UID

ibm16416015

IBM Support

Tips