Skip to main content

QueryBuilder

windows_erg::evt::query

Struct QueryBuilder 

Source 
pub struct QueryBuilder { /* private fields */ }
Expand description

Query builder for constructing flexible event queries.

Supports building XPath queries with convenience methods while allowing raw XPath for advanced scenarios.

Implementations§

Source§

impl QueryBuilder

Source

pub fn new() -> Self

Create a new query builder.

Source

pub fn xpath(self, xpath: impl Into<Cow<'static, str>>) -> Self

Set a raw XPath query expression.

When set, this takes precedence over other builder fields. Example: "Event/System[EventID=4688]"

Source

pub fn level(self, level: EventLevel) -> Self

Filter by event level (1=Critical to 5=Verbose).

Source

pub fn provider(self, name: impl Into<Cow<'static, str>>) -> Self

Filter by provider/source name.

Source

pub fn event_id(self, id: u32) -> Self

Filter by specific event ID.

Source

pub fn reverse(self) -> Self

Query in reverse order (newest to oldest).

Note: Not supported on Debug/Analytic channels or .evt files.

Source

pub fn max_results(self, count: usize) -> Self

Limit maximum number of results returned.

Source

pub fn with_event_data(self) -> Self

Parse EventData fields into the data HashMap.

When enabled, extracts fields from event XML. Common field names are cached as static strings for performance.

Source

pub fn with_message(self) -> Self

Parse event message using publisher metadata.

When enabled, formats the event message using the provider’s message template. Returns None if publisher metadata is unavailable.

Source

pub fn should_parse_event_data(&self) -> bool

Check if EventData parsing is enabled.

Source

pub fn should_parse_message(&self) -> bool

Check if message parsing is enabled.

Source

pub fn build_xpath(&self) -> String

Build the final XPath query string.

Returns the XPath expression that will be passed to Windows Event Log API. If raw XPath was set, returns that. Otherwise, builds XPath from builder fields.

Source

pub fn is_reverse(&self) -> bool

Get whether query should be reversed.

Source

pub fn max_results_limit(&self) -> Option<usize>

Get maximum results limit if set.

Trait Implementations§

Source§

impl Clone for QueryBuilder

Source§

fn clone(&self) -> QueryBuilder

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for QueryBuilder

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for QueryBuilder

Source§

fn default() -> Self

Returns the “default value” for a type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.