Are NOT Operators available in PowerShell -Property queries? Wildcard / string arrays / 'filter-left'

Learning what’s possible, and how, playing with Win10 Event Logs and pipeline queries…
JUST discovered ‘multi-search term’ (array) query syntax, simples

Doesn’t even need any brackets!

Get-EventLog -LogName System -EntryType 'Error','Warning' | select -First 10

Is it possible to do the opposite, and construct a query to say return objects (eg logs) where property (eg -LogName) is not ‘a’,‘b’ … ?

I know it’s possible with the WHERE (filter-right) but wonder if also somehow possible to NOT query
whether it requires some sort of splatting funk

Help mentions loads of great stuff, but not sure if ^ this is possible

about Logical Operators - PowerShell | Microsoft Docs

{! | -NOT} <statement>

Does that make sense, and is it possible?


Actually not. At least not for me.

First of all - Do not use Get-EventLog anymore as it is deprecated. Use Get-WinEvent instead.

Second … do you have a real world use case for your question? On a normal Windows system you have about 500 different logs. I’d expect you’d rather want to choose which ones to show not which ones not to show.

But … still … the parameter -LogName from the cmdlet Get-WinEvent can take an array of strings. So you still get the logs you want to show in advance and provide them as a list.

Just to mention it at least once … the parameter -LogName of the cmdlet Get-EventLog can only take 1 log name at a time! :wink:

Thanks, maybe the example command was poor!

A rewording of the question may be,

Is it possible to use negative operators in statements like

#OPPOSITE of get arrays elements in array1 not array2 eg (1..10) && (3..5)
#expected 3,4,5
! ((1..10) && (3..5))
#expected 1,2,7,8,9,10

!(Get-command get*)
#get any commands that don’t match get*

I think the answer is ‘no, not possible : pipe to Where-Object’ but will test further with array and splats


Eg for property like - source, which supports string array wildcard (I think?!)

If the parameter of whatever cmdlet you’re about to use takes an array of strings you can use any expression you like to produce this kind of array. The type of the output of the expression has to match the type of input expected by the cmdlet.

BUT … the more complex those expressions are the harder your code will be to read.

Again … Get-EventLog is deprecated and should not be used anymore. Use Get-WinEvent instead.

That’s your actual issue I think … you should not think or guess, you should read. Most of the time the documentation is pretty clear. You should learn how to read it.
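
Added example, not part of the thread: the two replies above suggest building the list of wanted logs up front and passing it to Get-WinEvent as a string array, which gives an "all logs except these" query without piping events to Where-Object. The excluded names, the wildcard pattern and the chunk size are sample values chosen for illustration.

```powershell
# Added example: log names and patterns below are sample values, not from the thread.
$excludeExact    = 'Application', 'Windows PowerShell'
$excludePatterns = 'Microsoft-Windows-Diagnosis-*'

# 1. Negate on the (small) list of log names, not on the (large) stream of events.
#    @() forces an array even when only one log survives the filter.
$logNames = @(
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.LogName
            $_.RecordCount -gt 0 -and
            $name -notin $excludeExact -and
            -not ($excludePatterns | Where-Object { $name -like $_ })
        } |
        Select-Object -ExpandProperty LogName
)

# 2. Pass the surviving names to -FilterHashtable so the filtering by log and level
#    happens in the event log service. Level 2 = Error, 3 = Warning.
#    A single Get-WinEvent query accepts at most 256 logs, so query in chunks.
$chunkSize = 256
$events = for ($i = 0; $i -lt $logNames.Count; $i += $chunkSize) {
    $last  = [Math]::Min($i + $chunkSize, $logNames.Count) - 1
    $chunk = $logNames[$i..$last]

    # SilentlyContinue hides "no events found" for a chunk; it also hides
    # access-denied errors for logs the current user cannot read.
    Get-WinEvent -FilterHashtable @{ LogName = $chunk; Level = 2, 3 } `
                 -MaxEvents 10 -ErrorAction SilentlyContinue
}

# 3. Merge the per-chunk results and keep the ten most recent.
$events |
    Sort-Object -Property TimeCreated -Descending |
    Select-Object -First 10 -Property TimeCreated, LogName, Id, LevelDisplayName
```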