0xrawsec/golang-evtx

Get Events by Type

wymangr opened this issue · 0 comments

Is there a way to filter the events that are searched to only the "Error" and not "warning" or "info"?

I'm trying to count the number of "disk" errors in my event log and trying to speed up the code a little bit by not having to iterate through every event in the event log.

Here is my code:

	package main

	import (
		"fmt"
		"log"

		"github.com/0xrawsec/golang-evtx/evtx"
	)

	func main() {
		diskErrors := 0 // plain integer count; a float is not needed here

		t, err := evtx.Open(`C:\Windows\System32\winevt\Logs\System.evtx`)
		if err != nil {
			log.Fatal(err)
		}
		defer t.Close()

		e := t.FastEvents()
		path := evtx.Path("Event/System/EventID/Qualifiers")

		for a := range e {
			// GetMap may fail or return nil when the path is absent,
			// so check before dereferencing
			d, err := a.GetMap(&path)
			if err != nil || d == nil {
				continue
			}

			var providerData map[string]interface{} = *d
			// disk event ID 7 carries Qualifiers 49156
			switch providerData["Qualifiers"] {
			case "49156":
				switch providerData["Value"] {
				case "7":
					diskErrors++
				}
			}
		}

		fmt.Println("disk errors:", diskErrors)
	}

Any help would be appreciated!
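The issue has no reply on the page. As an added example (not part of this issue and not golang-evtx's own code), the following stand-alone Go program shows the filter the question asks for: rejecting records whose Level is not 2 (Error) before looking at the provider and the EventID/Qualifiers pair, over the same nested map shape the posted code reads (golang-evtx's GoEvtxMap is a map[string]interface{} underneath). It deliberately does not import the library, so it runs offline on constructed sample records; lookup, asInt, eventID, IsError, CountDiskErrors and SampleEvents are names chosen here, and the "Event/System/Provider/Name" key and the string-or-integer handling of numeric fields are assumptions about the parser's output. One caveat worth knowing: EVTX stores records sequentially with no per-level index, so every record still has to be read; a Level check only saves the deeper per-record inspection.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Event mirrors the nested map shape golang-evtx produces for one record
// (evtx.GoEvtxMap is map[string]interface{} underneath). Values from
// FastEvents() could be converted to this alias; here they are constructed.
type Event = map[string]interface{}

// Windows event Level values from the Event Log XML schema.
const (
	LevelCritical    = 1
	LevelError       = 2
	LevelWarning     = 3
	LevelInformation = 4
)

// lookup walks a slash-separated path such as "Event/System/Level" through
// nested maps and returns the leaf value, or false if any key is missing.
func lookup(m Event, path string) (interface{}, bool) {
	var cur interface{} = m
	for _, key := range strings.Split(path, "/") {
		mm, ok := cur.(map[string]interface{})
		if !ok {
			return nil, false
		}
		if cur, ok = mm[key]; !ok {
			return nil, false
		}
	}
	return cur, true
}

// asInt accepts the string ("2") or integer forms a parser may emit for
// numeric fields (assumption: one of these types; anything else is rejected).
func asInt(v interface{}) (int64, bool) {
	switch x := v.(type) {
	case string:
		n, err := strconv.ParseInt(x, 10, 64)
		return n, err == nil
	case int:
		return int64(x), true
	case int64:
		return x, true
	case uint16:
		return int64(x), true
	case uint32:
		return int64(x), true
	case uint64:
		return int64(x), true
	}
	return 0, false
}

// eventID returns (qualifiers, value). EventID is either a bare value
// ("7034") or, when the XML carries a Qualifiers attribute, a map with
// "Qualifiers" and "Value" keys, which is the shape the posted code relies on.
func eventID(ev Event) (qualifiers, value int64, ok bool) {
	raw, found := lookup(ev, "Event/System/EventID")
	if !found {
		return 0, 0, false
	}
	if m, isMap := raw.(map[string]interface{}); isMap {
		q, qok := asInt(m["Qualifiers"])
		v, vok := asInt(m["Value"])
		return q, v, qok && vok
	}
	v, vok := asInt(raw)
	return 0, v, vok
}

// IsError reports whether the record's Level is Error (2).
func IsError(ev Event) bool {
	raw, ok := lookup(ev, "Event/System/Level")
	if !ok {
		return false
	}
	lvl, ok := asInt(raw)
	return ok && lvl == LevelError
}

// CountDiskErrors counts Error-level records from the given provider with
// the given qualifiers/event ID pair (the posted code's 49156/7 match),
// compared numerically so "7" and uint16(7) both count.
func CountDiskErrors(events []Event, provider string, qualifiers, id int64) int {
	n := 0
	for _, ev := range events {
		if !IsError(ev) {
			continue // cheap rejection before touching Provider or EventID
		}
		// Assumption: the Provider element's Name attribute lands at this key.
		if p, ok := lookup(ev, "Event/System/Provider/Name"); !ok || p != provider {
			continue
		}
		q, v, ok := eventID(ev)
		if ok && q == qualifiers && v == id {
			n++
		}
	}
	return n
}

// SampleEvents is constructed test data, not records parsed from a real log:
// two disk bad-block errors (string and integer forms), a disk warning and an
// informational record with the same ID, and an unrelated error from another provider.
func SampleEvents() []Event {
	mk := func(level, provider string, eid interface{}) Event {
		return Event{"Event": map[string]interface{}{
			"System": map[string]interface{}{
				"Level":    level,
				"Provider": map[string]interface{}{"Name": provider},
				"EventID":  eid,
			},
		}}
	}
	return []Event{
		mk("2", "disk", map[string]interface{}{"Qualifiers": "49156", "Value": "7"}),
		mk("3", "disk", map[string]interface{}{"Qualifiers": "49156", "Value": "7"}),
		mk("2", "disk", map[string]interface{}{"Qualifiers": uint16(49156), "Value": uint16(7)}),
		mk("2", "Service Control Manager", "7034"),
		mk("4", "disk", map[string]interface{}{"Qualifiers": "49156", "Value": "7"}),
	}
}

func main() {
	events := SampleEvents()
	fmt.Printf("%d of %d records are disk bad-block errors\n",
		CountDiskErrors(events, "disk", 49156, 7), len(events))
}
```

Plugging this into the posted loop means calling IsError on each record from FastEvents() first and only then reading the EventID map; the numeric comparison also removes the silent miss that a string-only switch produces if the parser hands back integers.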