
I have a C++ application that queries for the log files using the WMI Query Language. I have queried for the Win32_NTLogEvent class and retrieved some information. The problem is I'm not able to read all the properties from the log file. When I converted the log file to a CSV file it consisted of the following headers:

"Message","Id","Version","Qualifiers","Level","Task","Opcode","Keywords","RecordId","ProviderName","ProviderId","LogName","ProcessId","ThreadId","MachineName","UserId","TimeCreated","ActivityId","RelatedActivityId","ContainerLog","MatchedQueryIds","Bookmark","LevelDisplayName","OpcodeDisplayName","TaskDisplayName","KeywordsDisplayNames","Properties"

A single log file entry is as follows:

"Windows service started.","0",,"0","4","0",,"36028737058963468","98","DigitalDelivery",,"Dell",,,"vignesh",,"14-01-2018 11:06:35",,,"c:\windows.old\windows\system32\winevt\logs\dell.evtx","System.UInt32[]","System.Diagnostics.Eventing.Reader.EventBookmark","Information","Info",,"System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]","System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]"

Using the properties given in the Win32_NTLogEvent class I am only able to read a few properties (i.e., headers), and it contains no information on properties like Keywords, ProcessId, ThreadId, Bookmark, LevelDisplayName, KeywordsDisplayNames, Properties. How can I read all these missing properties?

D vignesh
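Added example, not part of the question: the CSV headers and the .NET type names in the row (EventBookmark, EventProperty) match what Get-WinEvent piped to Export-Csv emits, so they come from the Windows Event Log API (System.Diagnostics.Eventing.Reader), not from the legacy WMI class. The script below reads the same .evtx file through that API and pulls out the fields Win32_NTLogEvent lacks; the file path is taken from the CSV row, and expanding the collections is assumed to be what the CSV export lost.

```powershell
# Added example: read an offline .evtx with the Windows Event Log API and
# surface the System-section fields that Win32_NTLogEvent does not expose.
# Path is the one shown in the question's CSV row.
$evtxPath = 'C:\windows.old\windows\system32\winevt\logs\dell.evtx'

# -Path opens an exported/offline .evtx file; -Oldest returns records in
# stored order. Use -LogName/-FilterHashtable instead for a live channel.
$records = Get-WinEvent -Path $evtxPath -Oldest -ErrorAction Stop

foreach ($rec in $records) {
    [pscustomobject][ordered]@{
        RecordId             = $rec.RecordId
        Id                   = $rec.Id
        ProviderName         = $rec.ProviderName
        TimeCreated          = $rec.TimeCreated
        # Fields missing from the WMI class: they live in <System> of the record.
        ProcessId            = $rec.ProcessId
        ThreadId             = $rec.ThreadId
        Keywords             = ('0x{0:X16}' -f $rec.Keywords)   # raw 64-bit mask
        LevelDisplayName     = $rec.LevelDisplayName
        # Resolved through the provider's metadata; empty if the provider
        # is not installed on the machine reading the file.
        KeywordsDisplayNames = ($rec.KeywordsDisplayNames -join ';')
        # Export-Csv printed the collection's type name; expand it explicitly.
        Properties           = (($rec.Properties | ForEach-Object { $_.Value }) -join '|')
        Message              = $rec.Message
    }
}

# The same fields are in the record's XML, which is what EvtRender returns to
# native (C++) code: Execution/@ProcessID, Execution/@ThreadID, Keywords, and
# EventData/Data (or UserData for providers that use a custom schema).
$first = $records | Select-Object -First 1
[xml]$x = $first.ToXml()
$x.Event.System.Execution.ProcessID
$x.Event.System.Execution.ThreadID
$x.Event.System.Keywords
$x.Event.EventData.Data
```

The XML view is the one to reproduce from C++ with EvtQuery(..., EvtQueryFilePath) / EvtNext / EvtRender(EvtRenderEventXml) from wevtapi.h, since WMI's Win32_NTLogEvent only maps the legacy (pre-Vista) record layout.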

0 Answers