by torroth at 2012-12-09 19:05:33
So here is the problem:
List the last 50 entries in the System log using Get-WinEvent
Output 2 blank lines
List the last 50 entries in the Application log using Get-EventLog, sorting by Index
Output 2 blank lines
Using pipes, list the entries in the Application log using Get-EventLog that were written/generated in the last 30 days, sorting by Index
This is what I have so far with the script:

$entries = @(Get-winevent application -newest 50 |
    Sort-Object Index)

foreach ( $element in $entries )
{
    $id = $element.Index.ToString()
    $source = $element.Source.ToString()
    $message = $element.Message.ToString()

    Write-Host "$id`t $source`t`t $message"
}

$entries2 = @(Get-EventLog system -newest 50 |
    Sort-Object Index | out-default)

foreach ( $element in $entries2 )
{
    $id = $element.Index.ToString()
    $source = $element.Source.ToString()
    $message = $element.Message.ToString()

    Write-Host "$id`t $source`t`t $message"
}

Now it seems like the get-eventlog seems to be working but I can’t figure out how to get the get-winevent to work. I’ve searched online but I’m just not finding anything that isn’t more than what I’m looking for. I am a real newb on this stuff. Any help would be appreciated. Thanks in advance.

by DonJ at 2012-12-10 02:34:29
Can you give me an idea of your broader final goal here? I ask because you’re working a bit at cross-purposes with PowerShell; it’s not a text-based shell, and outputting formatted text like that isn’t its strongest suit. Is this data being consumed elsewhere after your script?
Also, have you looked at some of the examples in the help for Get-Event? It doesn’t use the same syntax as Get-EventLog. Take a look at http://technet.microsoft.com/en-us/libr … 49682.aspx - there’s a breakdown of the syntax and several good examples there. Get-WinEvent is definitely a little harder to use than Get-EventLog. I tend to prefer the latter if I’m getting to one of the old-style logs (Application, Security, System).
Consider dropping the Out-Default. You don’t specifically need it (like, ever), and in this case it might actually be working against you.

by torroth at 2012-12-10 03:31:21
Well, as I said, this is what I am trying to do:
List the last 50 entries in the System log using Get-WinEvent
Output 2 blank lines
List the last 50 entries in the Application log using Get-EventLog, sorting by Index
Output 2 blank lines
Using pipes, list the entries in the Application log using Get-EventLog that were written/generated in the last 30 days, sorting by Index
I have to use get-winevent. I’ve looked at this site http://technet.microsoft.com/en-us/libr … 49682.aspx but I have no idea which one to use to access the application logs.

by nohandle at 2012-12-11 07:06:10
Ok, I am gonna just output to the screen with less events and ordering by ID because I am not sure what you are referring to as index.

Get-winevent -LogName 'System' -MaxEvents 1
"`n"
Get-winevent -LogName 'Application' -MaxEvents 1 | Sort-Object Id
"`n"
$filter = [xml]@'
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[TimeCreated[timediff(@SystemTime) &lt;= 3600000]]]</Select>
  </Query>
</QueryList>
'@
Get-winevent -FilterXML $filter | Sort-Object Id

The filter was created in the event viewer GUI (or computer management); I just switched to the XML tab and copied it. Fast and easy way to filter logs by get-winevent.
I am not sure what you are planning to do with the output, so I didn’t implement any saving of the output to a file, variable or something.
I can use the max events because the events are returned from the newest to the oldest. So max events 50 gives you the 50 newest ones.
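
An added example, not written by any poster in this thread: the three listings from the original question at their full size, with the same 30-day window expressed for both cmdlets. It assumes Windows PowerShell 5.1 (Get-EventLog is not available in PowerShell 7); the variable names and the column selections are choices made for this example.

```powershell
# Added example. Variable names and chosen columns are assumptions of this sketch.
$since = (Get-Date).AddDays(-30)

# 1. Last 50 System entries with Get-WinEvent.
#    -MaxEvents takes the place of Get-EventLog's -Newest. The records returned
#    expose RecordId and ProviderName where Get-EventLog entries have Index and Source.
Get-WinEvent -LogName System -MaxEvents 50 |
    Format-Table RecordId, TimeCreated, ProviderName, Id, Message -AutoSize -Wrap

"`n"   # newline string, as in the reply above

# 2. Last 50 Application entries with Get-EventLog, sorted by Index.
Get-EventLog -LogName Application -Newest 50 |
    Sort-Object Index |
    Format-Table Index, TimeGenerated, Source, EventID, Message -AutoSize -Wrap

"`n"

# 3. Application entries from the last 30 days with Get-EventLog.
#    -After filters inside the cmdlet, so only matching entries enter the pipeline.
Get-EventLog -LogName Application -After $since |
    Sort-Object Index |
    Format-Table Index, TimeGenerated, Source, EventID, Message -AutoSize -Wrap

# The same 30-day window through Get-WinEvent, two ways.
# (a) XPath with timediff, as in the XML filter above; the value is in milliseconds.
#     No &lt; escaping is needed here because this is a plain string, not XML.
$ms = [int64](New-TimeSpan -Days 30).TotalMilliseconds   # 2592000000
Get-WinEvent -LogName Application `
    -FilterXPath "*[System[TimeCreated[timediff(@SystemTime) <= $ms]]]" |
    Sort-Object RecordId

# (b) FilterHashtable with an absolute start time.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; StartTime = $since } |
    Sort-Object RecordId
```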