Sort Eventlog per machine name

PowerShell Help
1

Hello,

I am struggling with a script to show me the number of entry’s for a system log, in a array of servers.
My script shows me the log, that I need, also the number of entry’s only I cannnot get it to work that it shows me a output basedon an per server.

Like :
Server 1
Count source eventid message

Server 2
Count Source eventid Message

I tried a number of ways, only I miss still some experience in this part it seems…:slight_smile:

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001"

foreach($server in $servers){
invoke-command -computername $server {get-eventlog system -EntryType error -Newest 25}|
Select-Object @{name='Servername';expression={$env:Machinename}} ,source, eventid, message |Group-Object servername, count, source -NoElement | sort Servername
}
2

Try something like this which gets all of the results and then groups them:

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001"
 
$results = foreach($server in $servers){
    $params = @{
        LogName      = 'system'
        EntryType    = 'error'
        Newest       = 25
        ComputerName = $server
        ErrorAction  = 'Stop'
    }
    
    try {
        Get-EventLog @params |
        Select-Object @{Name='Servername';Expression={$server}},
                      source, 
                      eventid, 
                      message
    }
    Catch {
        [pscustomobject]@{
            ServerName = $server
            Source     = $null
            EventId    = $null
            Message    = 'Failed to connect to server. {0}' -f $_
        }
    }
}

$results | 
Group-Object servername, count, source -NoElement | 
Sort Servername
3

I’m not sure if you’re trying to count each source or just the amount of events in total. Based on the code you have, if you simply change the calculated property as shown here

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001"

invoke-command -computername $serverlist {get-eventlog system -EntryType error -Newest 25}|
Select-Object @{name='Servername';expression={$_.pscomputername}} ,source, eventid, message |Group-Object servername,source -NoElement | sort Servername

You end up with output like this

Count Name                     
----- ----                     
   17 volsnap, server1  
    8 stcvsm, server1
   24 NETLOGON, server2     
    1 bowser, server2         
   25 Schannel, server3

I also removed the foreach loop as it’s hurting your execution time. Since you already have the list of servers, if you pass that list directly to Invoke-Command it will run them in parallel. It also returns by default a PSComputerName so we just inserted that to the caclulated servername property. If this is not the output you expected, please try to clarify what you wanted to end up with.