2.2.1 - Fixed Null Records

@BeanBagKing BeanBagKing released this 26 Feb 02:18
· 1 commit to master since this release

Bug fix for the issue identified in 2.2 where some records didn't have associated messages. These records turned out to be null values. When viewing these in the GUI you will get a message similar to the following:

The description for Event ID X from source Y cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

< ORIGINAL DATA HERE >

In other words, the program that created this event is not on the system. Since Windows generates messages dynamically (apparently for localization reasons), it cannot re-create the message for the event. I don't know how it does this in the GUI or why it doesn't do it programmatically, but it fills in a null value instead. Therefore, the best I can do at the moment is dump the entire XML so at least the data is there for searching.

In my case (in the event you want to know what to look for) the message will start with:

EventRecord.FormatDescription() returned a null value. This is usually because:
"Either the component that raises this event is not installed on your local computer
or the installation is corrupted. You can install or repair the component on the local computer."
The event likely originated on another system, below is the XML data associated with this event

< XML DUMP >
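
The fallback described above can be sketched as follows. This is an added example, not EventFinder's own source: it reads an exported .evtx file with System.Diagnostics.Eventing.Reader and emits the event XML whenever FormatDescription() gives no message. The class name, the tab-separated output and the command-line path argument are assumptions made for illustration.

```csharp
// Added example, not EventFinder's source code. Windows only.
using System;
using System.Diagnostics.Eventing.Reader;

static class NullDescriptionFallback
{
    // Returns the rendered message, or the raw event XML when the provider's
    // message resources are not available on the analysis machine.
    static string Describe(EventRecord record)
    {
        string description = null;
        try
        {
            description = record.FormatDescription();
        }
        catch (EventLogException)
        {
            // Defensive assumption: treat a provider metadata lookup error
            // the same way as a null result.
        }

        if (!string.IsNullOrEmpty(description))
            return description;

        // Keep the insertion strings searchable by emitting the full XML.
        return "EventRecord.FormatDescription() returned a null value."
             + Environment.NewLine + record.ToXml();
    }

    static void Main(string[] args)
    {
        // args[0]: hypothetical path to a log file copied from another host.
        var query = new EventLogQuery(args[0], PathType.FilePath);
        using (var reader = new EventLogReader(query))
        {
            EventRecord record;
            while ((record = reader.ReadEvent()) != null)
            {
                using (record)
                {
                    Console.WriteLine("{0:o}\t{1}\t{2}\t{3}",
                        record.TimeCreated, record.ProviderName, record.Id,
                        Describe(record));
                }
            }
        }
    }
}
```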

More information:
https://stackoverflow.com/questions/54853671/c-sharp-parsing-eventlog-from-another-host-formatdescription-is-null
https://www.reddit.com/r/csharp/comments/auayz5/parsing_eventlog_from_another_host/

$ sha256sum EventFinder.exe
7460425d281455ef6f74e7262e09ee2d86ef8b0754cade399044fc67e5561854 EventFinder.exe