Hello, I’m a first-time poster here in this forum and I’m new to PowerShell, very new. I’m actually going through Mr. Jones’ Month of Lunches book. Not sure if this is the proper place to post this question, but here goes…
I have a few servers that have an error that has “SSPI” in the body of the message. The command I’ve constructed is as follows (and is failing or just hanging):
So, know that Get-EventLog uses a fairly old communications architecture. Also, event logs aren’t indexed on the message field, meaning the command has to remotely perform a brute-force search of every single entry to find the text you’re after. I’m not surprised it’s hanging. And I believe it supports wildcards, but that’ll really just make it take longer. What would help is if you could restrict it a bit further using -Source or -InstanceID, or even -Before and -After, so it doesn’t have to plug through the entire log.
Get-WinEvent might could maybe possibly be a little faster, but I wouldn’t bet big money on it. Because Message isn’t indexed on the server, anything looking at it is just going to be a brute-force scan, and in a big log it’s gonna take a while.
Ahh, I see what you mean about the brute force stuff, that is a bummer. I’ve noticed that the -InstanceID and EventID aren’t always the same, so that makes it a pain. I was able to play around with the command a little bit and speed things up. That command was being run on servers that were over a WAN/MPLS link, so that wasn’t helping either.
As an aside, PowerShell is AWESOME!!! LOVE your book so far, it has made the journey so much better than I thought. I’m very glad that I took the plunge.
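An added example, not code from either poster in this thread, showing the narrowing suggested in the reply: restrict the query by time and entry type so the remote log service returns fewer entries before the message text is scanned. The server names, the Application log, the seven-day window and the Error level are assumptions, and `Find-EventText` is a hypothetical helper name.

```powershell
# Added example. Server names, log name, time window and level are assumptions.
function Find-EventText {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$LogName  = 'Application',            # assumed log
        [string]$Text     = 'SSPI',
        [datetime]$After  = (Get-Date).AddDays(-7),   # assumed window
        [int]$MaxEvents   = 5000                      # cap on entries pulled per server
    )

    foreach ($computer in $ComputerName) {
        # LogName, StartTime and Level are filtered by the event log service
        # on the remote machine, so only matching entries cross the link.
        $filter = @{ LogName = $LogName; StartTime = $After; Level = 2 }  # 2 = Error

        try {
            Get-WinEvent -ComputerName $computer -FilterHashtable $filter `
                         -MaxEvents $MaxEvents -ErrorAction Stop |
                # Message is not indexed, so this part is still a scan,
                # but only over the entries that survived the filter above.
                Where-Object { $_.Message -like "*$Text*" } |
                Select-Object MachineName, TimeCreated, ProviderName, Id, Message
        }
        catch {
            # Get-WinEvent raises an error when nothing matches the filter or
            # the server is unreachable; report it and move to the next server.
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
    }
}

# Hypothetical server names.
Find-EventText -ComputerName 'SERVER01', 'SERVER02' |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize -Wrap

# The same narrowing with Get-EventLog, using -After and -EntryType so the
# wildcard match on -Message runs over a smaller slice of the log.
Get-EventLog -LogName Application -ComputerName 'SERVER01' `
             -EntryType Error -After (Get-Date).AddDays(-7) -Message '*SSPI*'
```

Once the results show which provider and event ID the SSPI entries carry, adding `ProviderName` or `Id` to the filter hashtable narrows the query further.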