IF event id exists

Hi, I am trying to write a .ps1 script so that when it runs, it checks for the existence of two different event IDs and searches for specific data within each event ID. If both event IDs exist and the specific text within each respective event ID exists, the script will do this; if not, it does something else. So far I got this. How do I combine it?

# Query 1: process creation (4688) where the EventData contains cmd.exe
$xpath = @"
    <QueryList>
        <Query Id="0" Path="Security">
            <Select Path="Security">
                *[System[EventID=4688]]
                and
                *[EventData[Data and (Data='C:\Windows\System32\cmd.exe')]]
            </Select>
        </Query>
    </QueryList>
"@

Get-WinEvent -FilterXml $xpath

# Query 2: system time change (4616) logged by the computer named DELL
$xpath = @"
    <QueryList>
        <Query Id="0" Path="Security">
            <Select Path="Security">
                *[System[EventID=4616]]
                and
                *[System[Computer='DELL']]
            </Select>
        </Query>
    </QueryList>
"@

Get-WinEvent -FilterXml $xpath

So if both event IDs 4688 & 4616 exist AND cmd.exe in 4688 and DELL in 4616 exist, then it'll do this; if not, do that, etc. Thank you all.

I'm not sure if I understand the question. If you want to control the program using a conditional statement, you use an if statement or a Where-Object.

Here you can read more about:

And if you want to combine multiple conditions you can use logical operators. Here you can read more about:

3 Likes

This is what I mean, but for some reason, it does not work.

Your condition does not check the event log. It only checks the text representation of the filter XML.

Do you get any result when you run the queries with Get-WinEvent by themselves?
Try this:

# $xpath1 and $xpath2 hold the two filter strings from the question.
# Get-WinEvent writes a non-terminating error when a query matches nothing;
# -ErrorAction SilentlyContinue keeps that out of the output, and an empty
# result still evaluates to $false inside the -and expression.
if (
    (Get-WinEvent -FilterXml $xpath1 -ErrorAction SilentlyContinue) -and
    (Get-WinEvent -FilterXml $xpath2 -ErrorAction SilentlyContinue)) {
    'Cool'
}
else {
    'not cool'
}
2 Likes
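Putting the whole thread together, here is an added example (not code from either poster) that stores the two filters from the question in separate variables, wraps the query in a small function and branches on both results. It keeps the event IDs, the cmd.exe path and the computer name DELL from the original post; the function name Test-EventPresent and the narrower `Data[@Name='NewProcessName']` predicate (which matches only the process-name field instead of any Data element) are my own choices.

```powershell
# Added example, not part of the original thread.
# Assumes: Security log readable (run elevated), event IDs 4688/4616,
# cmd.exe path and computer name taken from the question.

# Use two variables: the original post reused $xpath for both filters,
# so only the last assignment was still available when the if ran.
$xpath4688 = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[EventID=4688]]
      and
      *[EventData[Data[@Name='NewProcessName']='C:\Windows\System32\cmd.exe']]
    </Select>
  </Query>
</QueryList>
"@

$xpath4616 = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[EventID=4616]]
      and
      *[System[Computer='DELL']]
    </Select>
  </Query>
</QueryList>
"@

function Test-EventPresent {
    # Hypothetical helper: returns $true when at least one event matches.
    param(
        [Parameter(Mandatory)] [string] $FilterXml
    )
    # Get-WinEvent raises a non-terminating error when nothing matches;
    # silence it and treat "no objects returned" as $false.
    # -MaxEvents 1 stops the scan at the first hit, which matters on a
    # large Security log.
    $hit = Get-WinEvent -FilterXml $FilterXml -MaxEvents 1 -ErrorAction SilentlyContinue
    return [bool] $hit
}

$cmdSeen  = Test-EventPresent -FilterXml $xpath4688
$timeSeen = Test-EventPresent -FilterXml $xpath4616

if ($cmdSeen -and $timeSeen) {
    # both conditions met: do this
    'cmd.exe process creation (4688) and a system time change on DELL (4616) were both found'
}
else {
    # at least one condition failed: do something else
    "Not both found: 4688/cmd.exe = $cmdSeen, 4616/DELL = $timeSeen"
}
```

Two caveats a practitioner will hit: 4688 is only written when the "Audit Process Creation" policy is enabled, so an empty 4688 result may mean auditing is off rather than that cmd.exe never ran; and the Computer predicate compares the exact string the event carries (often the FQDN, not just DELL), so check a raw 4616 event first if the second query returns nothing.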