Hi,
I am stuck on where I have gone wrong in regards to running get-winevent -path across a lot of archived event logs. I have run the below from within the directory containing the archived event logs that are all in the .evtx format
$obj=@()
Get-ChildItem | Select-Object -ExpandProperty fullname | foreach {[pscustomObject]$obj += “‘$_’”}
$Logarray = $obj -join(‘,’)
This gives me an object in with the form: <shortened version>
‘C:\temp\PowershellLogs\Microsoft-User Experience Virtualization-AgentDriver%4Operational.evtx’,‘C:\temp\PowershellLogs\Microsoft-User Experience Virtualization-App Agent%4
Operational.evtx’,‘C:\temp\PowershellLogs\Microsoft-User Experience Virtualization-IPC%4Operational.evtx’
I get the below error when running the command in the console
Get-WinEvent -Path $Logarray
Get-WinEvent : Cannot find drive. A drive with the name '‘C’ does not exist.
At line:1 char:1
If I copy and paste a quantity of the items in the object into the -path variable it seems to work, but not from using the $Logarray object. The Help file indicates it can accept a comma separated list of file paths - perhaps I have gone about this thw wrong way?