Now this works for the 1 event. But if I wanna get 2 event IDs, I have tried a number of different ways, but I'm only getting 0 results, an error, or only one of the two queries.
Example: Where-Object {$_.EventID -eq '19' -or '29'} I even tried doing the Where-Object statement twice, to no result.
Is it just the way PowerShell works that it can't, in this instance, sort multiple values from the result of "get-events"?
Piping Get-EventLog to Where-Object could be painfully slow since there are a lot of objects to evaluate. Get-EventLog has a parameter InstanceID that will take an array of Event ID numbers. Recommend you use that instead. I prefer Get-WinEvent though because it can read the newer Windows logs. Here is an example of how you can use either one in your situation.
Get-WinEvent using a hash table as Mike has pointed out will be substantially faster than Get-EventLog. In my opinion, you should only use Get-EventLog if your PowerShell version does not support Get-WinEvent.
Just my $.02
Also, you wrote: Example: Where-Object {$_.EventID -eq '19' -or '29'} I even tried doing the Where-Object statement twice, to no result.
I do believe you should have used {$_.EventID -eq '19' -or $_.EventID -eq '29'}
TonyD05 makes a great point regarding logic operators -or in this case. I see this error all the time. When you use a logic operator, both sides of the operator must independently evaluate to $true or $false. Any value other than 0, "" or $null will evaluate to $true.
So in essence your Where-Object clause would evaluate to {$_ -eq 19 -or $true} meaning that everything that came over the pipeline would continue down the pipe since only one side of the -or needs to be true.
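Added example, not part of any of the posts above: the -or pitfall and the source-side filtering discussed in this thread, shown on constructed records so the difference in match counts is visible. The log name 'System' and the sample records are assumptions; the thread does not say which log event IDs 19 and 29 come from.

```powershell
# Constructed sample records standing in for event log output (not real log data).
$events = 19, 29, 7036, 19, 1074 | ForEach-Object {
    [pscustomobject]@{ EventID = $_; Message = "constructed sample $_" }
}

# Filter as written in the question: the right side of -or is the bare string '29'.
# A non-empty string converts to $true, so every record passes.
$broken = $events | Where-Object { $_.EventID -eq '19' -or '29' }

# Corrected: each side of -or is a complete comparison against the property.
$fixed = $events | Where-Object { $_.EventID -eq 19 -or $_.EventID -eq 29 }

# Same result with -in (PowerShell 3.0 and later); easier to extend to more IDs.
$wanted = 19, 29
$viaIn = $events | Where-Object { $_.EventID -in $wanted }

'{0} records: broken filter kept {1}, corrected kept {2}, -in kept {3}' -f `
    $events.Count, @($broken).Count, @($fixed).Count, @($viaIn).Count

# Filtering at the source, as recommended in the replies: the Id key of
# -FilterHashtable accepts an array, so no Where-Object stage is needed.
$logName = 'System'   # assumption: placeholder log name
try {
    Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = $wanted } `
                 -MaxEvents 20 -ErrorAction Stop |
        Select-Object TimeCreated, Id, ProviderName
}
catch {
    # Get-WinEvent reports an error when nothing matches (or the log cannot be
    # read); surface it as a warning instead of stopping the script.
    Write-Warning "No events returned from '$logName': $($_.Exception.Message)"
}

# Get-EventLog form mentioned in the thread; -InstanceId also takes an array.
# InstanceId can differ from EventID for some sources, so verify the results.
# Get-EventLog -LogName $logName -InstanceId $wanted
```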