Last active
July 7, 2016 07:52
-
-
Save JohnBaek/37621fc52a1f3966e4e11bd45788bbff to your computer and use it in GitHub Desktop.
eventvwr_keyword_filtering.evtx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <QueryList> | |
| <Query Id="0" Path="file://C:\Users\john123\Desktop\test.evtx"> | |
| <Select Path="file://C:\Users\john123\Desktop\test.evtx">*[EventData[(Data='/pay/common/BillingResult.aspx')]]</Select> | |
| </Query> | |
| </QueryList> | |
| //엑셀 추출 메서드 | |
| =MID(B1121,FIND(" User host address:",B1121,1)+19,15) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment