All posts filed under: WQL

Attaching scripts or tasks to Windows event log entries using PowerShell and WMI

During a few load test iterations on a SharePoint farm, I started seeing some SQL exceptions in the application log of SharePoint servers. If you are familiar with SharePoint platform, you may have seen these events such as event ID 3355. This event complains that the SharePoint server cannot connect to SQL server. This need not really mean that the DB server is offline. So, to find out the real reason behind these event logs, I needed to start some trace activities whenever event ID 3355 gets logged. Initially, I was looking for eventtriggers.exe which is meant for attaching a script or task to an event log. However, I could neither find this on Windows Server 2008 R2 nor an external download. So, I wanted to look at other options I had.  I found that there are multiple ways to achieve this. Attach to script or task to the event in Windows Event Viewer You can find this option in event viewer. This link is available in the actions pane of event viewer upon selecting …

eBook: WMI Query Language via PowerShell

If you read the WQL series of posts on this blog, you may be aware by now that I was working on converting that series in to an eBook. So, finally, I made it. This ebook has 9 chapters (56 pages of WMI and PowerShell goodness) and here is the high-level content outline: Introduction Tools for the job WMI Data queries WMI Event Queries: Introduction Intrinsic Event Queries Extrinsic Event Queries Timer Events WMI Schema Queries WMI Event consumers As you see above, the content of this book much more than what was there in the blog posts. I have included a bonus chapter (WMI event consumers) to show how permanent event consumers can be create using both WMI and the PowerEvents module by @pcgeek86. I’ve spent almost 38hrs of editing on this book. This is excluding the hours my friends — Shay Levy, @Alexandair, Philip LaVoie, and Robert Robelo — spent reviewing the content. I am very thankful to them for spending their weekend reviewing this ebook and providing the feedback. Their feedback really …

WMI Query Language (WQL) – Schema Queries

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries (this post) In this last and final part of this series, we will look at how to use WQL for querying the WMI schema. Schema queries are used to retrieve class definitions (rather than class instances) and schema associations. In simple words, if you need to find out what type of information (this is what schema really means) a specific class holds, you use schema queries.Here is …

WMI Query Language (WQL) – Event Queries: Extrinsic Events

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events (this post) 10. WMI query language – Schema queries In this part of the WQL series, we shall look at extrinsic events. Extrinsic events represent events that do not directly link to standard WMI model. For example, Windows registry defines extrinsic events for all registry change events. For intrinsic events, having a WMI provider isn’t mandatory. This is mostly because they are defined within the standard WMI model and WMI takes care of these …

WMI Query Language (WQL) – Event Queries: Intrinsic Events

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax 8. WMI query language – Event Queries: Intrinsic Events (this post) 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries In this part of the WQL series, I will introduce intrinsic WMI events. Intrinsic events are used to monitor a resource represented by a class in the CIM repository. In other words, the intrinsic events occur in response to a change in the standard WMI data model. WMI creates intrinsic events for objects stored in the WMI repository. A provider generates intrinsic events for dynamic classes, but WMI …

WMI Query Language (WQL) – Event Queries: Syntax

These posts in the form of an ebook now available Here are the links to all articles in this series of posts on WQL. 1. WMI query language – An introduction 2. WMI query language – Keywords and Operators 3. WMI query language – Data Queries: SELECT, FROM, and WHERE 4. WMI query language – Data Queries: Associators Of 5. WMI query language – Data Queries: References Of 6. WMI query language – Event Queries: Introduction 7. WMI query language – Event Queries: Syntax (This post) 8. WMI query language – Event Queries: Intrinsic Events 9. WMI query language – Event Queries: Extrinsic Events 10. WMI query language – Schema queries The WMI query syntax for event queries is a bit different and deserves a discussion. So, before we delve in to the types of event queries, let us first look at the syntax for WQL event queries. As we discussed earlier, we use SELECT statement for event queries too. We can combine this with other keywords such as WITHIN, HAVING, and GROUP to change how we …