I am working on a tool which provides an effective way to interact with Event Logs on a Windows machine. One of the functions of this tool is to search in the description. It works well; however, it takes a very long time if we are searching in a large number of events. It takes even longer if we open an event log file rather than viewing the local event logs on the system.

Currently I am using the EventRecord.FormatDescription method to get the description and then perform a match on it. I noticed it takes at least 100 milliseconds to get the FormatDescription before I can perform a search on it. It is not acceptable as it is causing too much delay in completing the search. It is one of the important features of the tool so I cannot compromise on it.

I have tried EventLogPropertySelector to extract the Data property "Event/EventData/Data" of the event via the event XML; however, it does not always contain the right description. It gets me the results really fast; however, I do not always get the search results:

For example, uptime event:

Description:
The system uptime is 660093 seconds.

<EventData>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>660093</Data>
    <Data>60</Data>
    <Data>
    </Data>
    <Binary>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</Binary>
</EventData>
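
The uptime event above shows why the fast path misses matches: the `Data` elements carry only the insertion values, while the word "uptime" lives in the provider's message template. The following is an added example, not part of the original post, that caches one template per provider and event ID and expands it from the event XML; the `EventLog`/6013 key, the template text and the `Templates` cache are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Xml.Linq;

static class DescriptionSearch
{
    // Hypothetical cache: one message template per (provider, event ID), fetched once
    // instead of formatting every record. Key and template text are assumed here,
    // inferred from the description and EventData shown in the post.
    static readonly Dictionary<(string, int), string> Templates =
        new Dictionary<(string, int), string>
        { [("EventLog", 6013)] = "The system uptime is %5 seconds." };

    // %n is a 1-based insertion placeholder; "%%n" parameter references are skipped.
    static readonly Regex Insertion = new Regex(@"(?<!%)%(\d+)", RegexOptions.Compiled);

    // Insertion strings are the <Data> elements in document order (any XML namespace).
    public static string[] InsertionStrings(string eventXml) =>
        XElement.Parse(eventXml).Descendants()
            .Where(e => e.Name.LocalName == "Data")
            .Select(e => e.Value.Trim()).ToArray();

    // Placeholders with no matching <Data> element are left in the text unchanged.
    public static string Expand(string template, string[] data) =>
        Insertion.Replace(template, m =>
            int.TryParse(m.Groups[1].Value, out int n) && n >= 1 && n <= data.Length
                ? data[n - 1] : m.Value);

    public static bool Matches(string provider, int id, string eventXml, string needle)
    {
        string[] data = InsertionStrings(eventXml);
        string text = Templates.TryGetValue((provider, id), out string template)
            ? Expand(template, data)
            : string.Join(" ", data); // no template cached: search the raw values
        return text.IndexOf(needle, StringComparison.OrdinalIgnoreCase) >= 0;
    }

    static void Main()
    {
        // Constructed sample mirroring the EventData in the post (Binary element omitted).
        const string xml = "<EventData><Data> </Data><Data> </Data><Data> </Data><Data> </Data>" +
                           "<Data>660093</Data><Data>60</Data><Data> </Data></EventData>";
        Console.WriteLine(Expand(Templates[("EventLog", 6013)], InsertionStrings(xml)));
        Console.WriteLine(Matches("EventLog", 6013, xml, "uptime"));
        Console.WriteLine(string.Join(" ", InsertionStrings(xml)).Contains("uptime"));
    }
}
```

Real message templates can also contain format specifiers such as `%1!s!`, which this sketch does not interpret.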