Get-EventLog help.

by john808 at 2013-03-06 08:24:49


I’m wokring a script to collect events from the application log. I found part of a script but would like to make some changes and I’m hoping for some advice. When the script runs it will collect events over a 24 hour period, but I don’t want to see repeat alerts, I would prefer to see a count of repeat alerts.

This is script I have at the moment…

}Write-Host “Querying servers for event log errors in the last 24 hours…”;
Write-Host “”;

foreach($server in $servers)
Write-Host $server;
Write-Host “====================================”;
Write-Host “”;
foreach($log in $logs)
Write-Host “$log Event Log”;
Write-Host “=================”;
Get-EventLog -ComputerName ****** -LogName application -EntryType Error, warning -After $(Get-Date).AddHours(-24) | Format-Table -AutoSize;
by DonJ at 2013-03-06 08:30:18
First, stop using Write-Host. That’ll skew the output.

Second, try piping the results to Group-Object and grouping on the eventid property. See if that gets you closer to what you want.
by john808 at 2013-03-06 08:34:42
Thanks for the prompt reply.

What would you suggest instead of Write-Host? I plan to write the final output to a text file.
by DonJ at 2013-03-06 08:40:04
Write-Host isn’t redirectable to a file. If you’re just looking to set some “header” content in the file, send that to the file first:

“Heading” | Out-File whatever.txt

Then do your actual output:

Get-EventLog -Logname Security -Newest 100 | Group-Object -Property EventID | Whatever | Out-File whatever.txt -append

HTML would be better, and offers a lot more flexibility. See my free ebook on HTML reporting at, if you like.
by john808 at 2013-03-06 08:50:22
Thanks a lot for the advice. I’ve removed the write-host parts all together now and just used the part below

Get-EventLog -ComputerName localhost -LogName application -EntryType Error, warning, information -After $(Get-Date).AddHours(-24)`
| group-object -Property eventid |format-list

I’ve run some other scripts that gave a html output and it looks good, but I thought first I will just get an text output then progress. I’m finished for today but will no doubt have more questions tomorrow :slight_smile:

Thanks again for your time and advice.
by john808 at 2013-03-12 08:14:17

I’m trying to run the above mentioned script on some remote servers. The problem I’m having is adding in a prompt for credentials. I’ve tried “-credential **” but this doesn’t seem to work when using the above script.

I’m suspecting I maybe need to use “get-wmiobject -class *****”, but I’m not sure how to go about this? I’ve previous added credentials in to a script successfully but I’m not sure where I’m going wrong. I think I’ve looked at this for so long I can’t see the easy answer.

by MasterOfTheHat at 2013-03-13 07:47:09
Get-EventLog doesn’t support using alternate credentials, so you would either have to start the powershell session using those credentials or just use Get-WinEvent instead since it supports a -credential parameter.

Pretty much identical output:
Get-WinEvent -ComputerName server01 -LogName application -Credential (Get-Credential) | Where-Object timecreated -gt “
03/10/2013” | Group-Object ID