I have made a script that reads the Windows event log for system/application and does some simple statistics for the last 7 days.
Number of errors for the period, as well as number of warnings etc.
Works great!
—> QUESTION: <—
How to write PowerShell code that shows which Event IDs are the most common? Like a top ten list of warnings/errors or something like that.
Start-date ; end-date ; EventID; XX ; Frequency ; YY
(*) Frequency just means number of hits/occurrences for that specific event-id. The top 5 or so would do just fine. But I need to measure out exactly which event id is the most common/has the most hits/highest frequency/most occurrences.
What I have done so far is a foreach that counts up the event-id with increments of 1 at a time - but that is not very elegant and is way too slow (considering that theoretically the range would be 1-65535).
Cmdlets you would need are Get-WinEvent, Group-Object and a Foreach loop. Try to put some code after reading online help docs for these cmdlets.
Share the code when you get stuck/error here… people will help.
[quote quote=167389]Cmdlets you would need are Get-WinEvent, Group-Object and a Foreach loop. Try to put some code after reading online help docs for these cmdlets.
Share the code when you get stuck/error here… people will help.
[/quote]
Thanks!
This solved my problem - I think!
This is what I came up with:
### PowerShell version 2.0 (1.0?)
# Read from disk once
$systemerror = Get-EventLog -LogName System -EntryType Error -After (Get-Date).AddDays(-8) -Before (Get-Date).AddDays(-1)
# count,name (name = event id)
# Group on EventID: InstanceId carries extra high bits and can differ from the event id
$systemerror | Group-Object -Property EventID
### PowerShell version 3.0, 4.0, 5.1
# Read from disk once
$systemerror = Get-WinEvent -FilterHashtable @{
    LogName   = 'SYSTEM';
    Level     = '2';
    StartTime = (Get-Date).AddDays(-8);
    EndTime   = (Get-Date).AddDays(-1);
}
# count,name (name = event id)
$systemerror | Group-Object -Property ID | Select-Object Count,Name
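The top-ten list asked for in the question, as an added example that is not code from any poster in this thread: it sorts the groups by count and emits the start date, end date, event ID and frequency per row. The function name `Get-TopEventId` and its parameters are assumptions; it goes slightly beyond the thread by also grouping on the provider, because an event ID is only unique within its provider.

```powershell
# Added example, not from the thread. Get-TopEventId is a hypothetical name.
# Requires PowerShell 3.0 or later ([pscustomobject]).
function Get-TopEventId {
    [CmdletBinding()]
    param(
        [string]$LogName = 'System',
        # Get-WinEvent levels: 1 = Critical, 2 = Error, 3 = Warning
        [int[]]$Level = @(2, 3),
        [int]$Days = 7,
        [int]$Top = 10
    )

    # Same window as the thread's code: ends one day ago and covers $Days days
    $end   = (Get-Date).AddDays(-1)
    $start = $end.AddDays(-$Days)

    # Read the log once. Get-WinEvent writes an error when nothing matches,
    # so suppress it and treat that case as an empty result.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = $LogName
        Level     = $Level
        StartTime = $start
        EndTime   = $end
    } -ErrorAction SilentlyContinue

    if (-not $events) {
        Write-Verbose "No matching events in $LogName between $start and $end"
        return
    }

    # Group on provider + ID, most frequent first, keep the top N
    $events |
        Group-Object -Property ProviderName, Id |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            [pscustomobject]@{
                StartDate = $start
                EndDate   = $end
                EventID   = $_.Group[0].Id
                Provider  = $_.Group[0].ProviderName
                Frequency = $_.Count
            }
        }
}

# Top ten errors and warnings in the System log, semicolon-separated
Get-TopEventId -LogName System -Top 10 |
    ConvertTo-Csv -Delimiter ';' -NoTypeInformation
```

Because `-ErrorAction SilentlyContinue` also hides access-denied errors, run it with sufficient rights when pointing it at a restricted log such as Security.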