Here is what I have -
2010-10-05T12:37:55-05:00 xxx.xxx.xxx.xxx [lpr.info] SERVERNAME: Scan ID: 1283612407,Begin: 2010-09-04 15:00:03,End: 2010-09-04,Completed,Duration (seconds): 196,User1: username,User2: username,"Scan started on selected drives and folders and all extensions.","Scan Complete: Risks: 0 Scanned: 1012 Files/Folders/Drives Omitted: 0",Command: Not a command scan (),Threats: 0,Infected: 0,Total files: 1012,Omitted: 0,Computer: computername,IP Address: xxx.xxx.xxx.xxx,Domain: domainname,Server: servername
I want to run a query where Risks, Threats, or Infected are greater than 0.
(Scan Complete:) AND (Risks: <0) OR (Threats: <0) OR (Infected: <0)
The problem I'm having is that I do not know how to get "<0" into the query.
Any assistance is much appreciated.
Do these fields get extracted? Scan Complete, Risks, Threats, Infected? If yes, you can try:
<your search> | WHERE Risks > 0 AND Infected > 0 ...etc..
If these fields do not get extracted then you can try something like:
<your search> NOT ("Scan Complete:" OR "Risks: 0") ..etc...
Hope this helped.
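An added example, not part of the original posts: if the fields are not extracted automatically, `rex` can pull the three counters out of the raw event so that `where` can compare them numerically. The two sample events are constructed (modelled on the log line in the question, with made-up Scan ID and Computer values) and are generated with `makeresults` so the search runs without any indexed data.

```spl
| makeresults count=2
| streamstats count AS n
| eval _raw=case(
    n=1, "SERVERNAME: Scan ID: 1,Completed,\"Scan Complete: Risks: 0 Scanned: 1012 Files/Folders/Drives Omitted: 0\",Threats: 0,Infected: 0,Total files: 1012,Computer: constructed-sample-clean",
    n=2, "SERVERNAME: Scan ID: 2,Completed,\"Scan Complete: Risks: 2 Scanned: 1012 Files/Folders/Drives Omitted: 0\",Threats: 2,Infected: 1,Total files: 1012,Computer: constructed-sample-infected")
| rex "Risks: (?<Risks>\d+)"
| rex "Threats: (?<Threats>\d+)"
| rex "Infected: (?<Infected>\d+)"
| rex "Computer: (?<Computer>[^,]+)"
| where tonumber(Risks) > 0 OR tonumber(Threats) > 0 OR tonumber(Infected) > 0
| table Computer Risks Threats Infected
```

Only the second constructed event is returned. Against real data, replace the first three commands with `<your search> "Scan Complete:"` and keep the pipeline from the first `rex` onward.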