OutGridView lost PSComputerName Column

Summary:
I am gathering a number of eventlogs on different servers and I would like to have everything display in Grid view. However, the last column ‘PSComputerName’ does not display in my grid, only within my output.

Is there a way I can capture this ‘PSComputerName’ column in my grid.

Output to screen:

invoke-command -ComputerName (Get-Content .\testdevice.txt) -ScriptBlock {Get-EventLog -LogName System -After 1/22/2017 -EntryType Error} -Credential $tpcreds 

  Index Time          EntryType   Source                 InstanceID Message                                    PSComputerName                            
   ----- ----          ---------   ------                 ---------- -------                                    --------------                            
    8090 Jan 25 15:19  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    8087 Jan 25 14:54  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    8084 Jan 25 14:11  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    8082 Jan 25 13:58  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    8075 Jan 25 13:21  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    8074 Jan 25 13:21  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    8057 Jan 25 13:18  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    8041 Jan 25 13:18  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
    8038 Jan 25 13:18  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
    8037 Jan 25 13:18  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
    7980 Jan 25 13:17  Error       DCOM                        10010 The description for Event ID '10010' in... w10-ck                                    
    7978 Jan 25 13:17  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7956 Jan 25 13:13  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
    7955 Jan 25 13:13  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
    7954 Jan 25 13:13  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
    7898 Jan 24 17:01  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7897 Jan 24 16:48  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7888 Jan 24 12:33  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7884 Jan 24 11:20  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7883 Jan 24 11:08  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7876 Jan 24 09:01  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7874 Jan 24 08:40  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7850 Jan 23 17:01  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7847 Jan 23 15:16  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7844 Jan 23 13:41  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
    7835 Jan 23 10:43  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
   89067 Jan 23 15:30  Error       Schannel                    36888 The following fatal alert was generated... w7-rmular                                 
   89066 Jan 23 15:30  Error       Schannel                    36888 The following fatal alert was generated... w7-rmular                                 
   89062 Jan 23 15:26  Error       Schannel                    36888 The following fatal alert was generated... w7-rmular                                 
   89061 Jan 23 15:26  Error       Schannel                    36888 The following fatal alert was generated... w7-rmular   

OutPut to Grid on same command, I loose the ‘PScomputername’ column.

 invoke-command -ComputerName (Get-Content .\testdevice.txt) -ScriptBlock {Get-EventLog -LogName System -After 1/22/2017 -EntryType Error} -Credential $tpcreds | Out-GridView     

Hello, Brian. This happens because of views. First, the solution:

$props = 'Index', 'Time', 'EntryType', 'Source', 'InstanceID', 'Message', 'PSComputerName'
Invoke-Command ... | select $props | Out-GridView

Now, the explanation. Let’s check the type name of an object that Get-EventLog returns:

Get-EventLog -LogName System -Newest 1 | Get-Member

If you run this command, you can see the TypeName on the top. It is System.Diagnostics.EventLogEntry.
The view for that type is described in the file: $PSHome\DotNetTypes.format.ps1xml
If you search for the type name in this file, you’ll find its default display properties:

PowerShell takes the view information from this file and outputs only these properties by default. So, that’s what Out-GridView gets.
Jeffrey Snover, the inventor of PowerShell, actually describes the process here. (And no, you can’t use PSStandardMembers with EventLogEntry.)

I did some research and found that it’s really difficult to just add a column there, instead you need to list all the columns you need by hand. That’s what I did in the above code.
I hope you’ll find this information useful. Cheers.

With your example, the ‘Pscomputer’ field is there, however the ‘Time’ column output is now blank.

Here is a snippet in the console output.

invoke-command -ComputerName (Get-Content .\testdevice.txt) -ScriptBlock {Get-EventLog -LogName System -After 1/26/2017 -EntryType Error} -Credential $tpcreds | select $props 

Index          : 89953
Time           : 
EntryType      : Error
Source         : UmrdpService
InstanceId     : 1111
Message        : Driver Xerox PS Color Class Driver required for printer !!W12-TPST!Xerox Phaser 6180/6189MFP Class Driver is unknown. Contact the 
                 administrator to install the driver before you log in again.
PSComputerName : w7-rmular

Index          : 89952
Time           : 
EntryType      : Error
Source         : UmrdpService
InstanceId     : 1111
Message        : Driver Generic 50C-1 Series PCL required for printer !!W12-tp!Office_MF is unknown. Contact the administrator to install the driver 
                 before you log in again.
PSComputerName : w7-rmular

Index          : 89796
Time           : 
EntryType      : Error
Source         : SNMP
InstanceId     : 3237938652
Message        : The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
PSComputerName : w7-rmular

Index          : 89795
Time           : 
EntryType      : Error
Source         : SNMP
InstanceId     : 3237938652
Message        : The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
PSComputerName : w7-rmular

Index          : 89759
Time           : 
EntryType      : Error
Source         : Service Control Manager
InstanceId     : 3221232472
Message        : The MBAMFarflt service failed to start due to the following error: 
                 %%2
PSComputerName : w7-rmular

Index          : 89741
Time           : 
EntryType      : Error
Source         : DCOM
InstanceId     : 3221235478
Message        : The description for Event ID '-1073731818' in Source 'DCOM' cannot be found.  The local computer may not have the necessary registry 
                 information or message DLL files to display the message, or you may not have permission to access them.  The following information is 
                 part of the event:'2147944122', '172.26.9.136', '{03837521-098B-11D8-9414-505054503030}'
PSComputerName : w7-rmular

Index          : 89725
Time           : 
EntryType      : Error
Source         : Service Control Manager
InstanceId     : 3221232472
Message        : The MBAMFarflt service failed to start due to the following error: 
                 %%2
PSComputerName : w7-rmular

This is what is in my $props variable

C:\Users\bclanton> $props
Index
Time
EntryType
Source
InstanceID
Message
PSComputerName

Oh, sorry, it’s not Time but TimeGenerated.

Perfect…thank you