Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsVB SyntaxEnterprise DevelopmentDatabase AccessControlsCOMWin APICrystal ReportDeploymentGeneralGeneral 2
Related Topics
VB.NET / ASP.NETMS SQL ServerMS AccessOther Database ProductsMore Topics ...

VB Forum / General / June 2005


Tip: Looking for answers? Try searching our database.

Speed up a WMI query

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Bob Smith - 30 Jun 2005 15:21 GMT
Hi Everyone,

Can anyone see how I could speed up this WMI Query? I am looking for 2
specific events that occured in the time frame specified. I do this against a
120 servers and it takes a good hour and a half to run. It seems the WMI
query is what taked a long time.

Set colItems = objWMIService.ExecQuery("SELECT
InsertionStrings,Eventcode,TimeWritten FROM Win32_NTLogEvent Where
Logfile='Security' and TimeWritten >= '" & dtmStartDate & "' and TimeWritten
< '" & dtmEndDate & "' and Eventcode='123' Or Logfile='Security' and
TimeWritten >= '" & dtmStartDate & "' and TimeWritten < '" & dtmEndDate & "'
and Eventcode='456'", "WQL",wbemFlagReturnImmediately + wbemFlagForwardOnly)
Reply to this Message
Zoury - 30 Jun 2005 20:07 GMT
Hi Bob ! :O)

well... it kinda seems to be normal since you do run the query 120 times
over a network.. :O)

There should be no need to specify these filters twice :
   Logfile='Security' and
   TimeWritten >= '" & dtmStartDate & "' and
   TimeWritten < '" & dtmEndDate & "'

You can use parenthetical subexpressions like this :
Set colItems = objWMIService.ExecQuery( _
"SELECT InsertionStrings, " & _
               "Eventcode, " & _
               "TimeWritten " & _
"FROM Win32_NTLogEvent " & _
"Where Logfile='Security' and " & _
           "TimeWritten >= '" & dtmStartDate & _"' and " & _
           "TimeWritten < '" & dtmEndDate & "' and " & _
           "(Eventcode='123' Or Eventcode='456')", _
   "WQL", _
   wbemFlagReturnImmediately Or wbemFlagForwardOnly)

I doubt it will change something though.. i've got the feeling that the WQL
parser did not apply these filters twice will processing the query..

and btw, although in this case it didn't change anything, the folowing
statement :
wbemFlagReturnImmediately + wbemFlagForwardOnly

should really be :
wbemFlagReturnImmediately Or wbemFlagForwardOnly

Since it's a flag value (bitmask). ie. (1 + 3) <> (1 Or 3), right ?

Signature

Best Regards
Yanick

Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.