Win32_ntlogevent filtering

The following command works for me

$startDate = (Get-Date).AddDays(-7)
Get-WmiObject -Class win32_ntlogevent | Where-Object { $_.TimeWritten -gt $startDate -and $_.Type -ne 'Information' }

All I really want is to determine whether the result count returned is not 0. I am trying to make sure the server is clean within the past 7 days, i.e. no warning or error logs.

I noticed the results take time to load (there are many logs). I am wondering if there is a cleaner way to do this? I can do a while loop and break it once a warning/error log is found, but what if the server has none of those but tons of information logs, which equally takes a long time?
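As an added example (not code from any post in this thread): the Where-Object in the original command receives every event and filters client-side, which is what makes an Information-heavy log slow. Pushing the date and type test into a WQL -Filter lets the WMI provider discard Information events before they reach the pipeline, and Select-Object -First 1 stops the query at the first hit. The function name and the $LookbackDays parameter are mine; the EventType codes (1 = Error, 2 = Warning) are the documented Win32_NTLogEvent values.

```powershell
# Added example: server-side WQL filtering of Win32_NTLogEvent.
# Assumes it runs with rights to read the local event logs; $LookbackDays is a hypothetical parameter.
function Test-RecentEventLogProblems {
    [CmdletBinding()]
    param(
        [int]$LookbackDays = 7
    )

    $startDate = (Get-Date).AddDays(-$LookbackDays)

    # Win32_NTLogEvent.TimeWritten is a CIM datetime; WQL compares it against its DMTF string form
    # (yyyyMMddHHmmss.ffffff+UUU), including the local UTC offset.
    $dmtfStart = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($startDate)

    # EventType 1 = Error, 2 = Warning (3 = Information, 4/5 = audit success/failure).
    $wql = "TimeWritten >= '$dmtfStart' AND (EventType = 1 OR EventType = 2)"

    # Select-Object -First 1 stops the upstream cmdlet as soon as one matching event arrives,
    # so a noisy server never has to enumerate every matching record.
    $first = Get-CimInstance -ClassName Win32_NTLogEvent -Filter $wql |
             Select-Object -First 1

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Since        = $startDate
        Clean        = ($null -eq $first)
        FirstHit     = $first | Select-Object Logfile, TimeWritten, Type, SourceName, EventCode
    }
}

# Usage: Clean is $true when no Warning/Error event was written in the last 7 days.
Test-RecentEventLogProblems -LookbackDays 7
```

Get-CimInstance is used here in place of the deprecated Get-WmiObject; the same -Filter string works with Get-WmiObject -Filter if the environment still needs DCOM through the older cmdlet.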

I do something similar to you. Bottom line, if you don't limit the logs that it queries and query them all, it will simply take time. It also depends on the size of your log files.

With Get-WmiObject deprecated and indications that Get-CimInstance has significant performance gains, have you tried that simple change?

Thanks again. I appreciate you helping out again. Do you think Get-CimInstance using DCOM will help much? Because my environment doesn't accept pure CIM/WSMAN. Btw, I discovered Get-WinEvent really speeds up the process.

I honestly don't know and have not done any testing.

I also use Get-WinEvent when appropriate. I do believe the primary reason for Get-CimInstance/WmiObject is the ease of querying all logs on the system without detecting all the logs and looping which you would need for Get-WinEvent. At least that is why I chose that method.

It should also be noted that when using Get-WinEvent, queries via either -FilterHashtable or -FilterXPath greatly increase the performance of the task.

Yes. Using Get-WinEvent with -FilterHashtable I can see significant improvement. I appreciate your answers.

Well … I could not leave well enough alone. I decided to rewrite my script using Get-WinEvent in a loop of all the logs and the performance increase is amazing. Using Get-CimInstance with Win32_NTLogEvent was taking 12 minutes. Changing to Get-WinEvent in a loop of the logs went down to 6 seconds!! The results are accurate as well. Thanks for getting me motivated :slight_smile:

1 Like
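As an added example (my own code, not the rewritten script the post above describes): this is the Get-WinEvent-in-a-loop pattern the thread converged on, covering both the "ease of querying all logs" point and the -FilterHashtable point. Get-WinEvent -ListLog enumerates the logs, the hashtable filter (Level 1 = Critical, 2 = Error, 3 = Warning, plus StartTime) is evaluated by the event log service, and -MaxEvents 1 answers "is this log clean?" without pulling the rest. The function name and the $ComputerName / $LookbackDays parameters are assumptions of mine.

```powershell
# Added example: per-log health check with Get-WinEvent and -FilterHashtable.
# Assumes read rights on the logs; remote use also needs the Windows Event Log Remote Management
# firewall rule on the target. $ComputerName and $LookbackDays are hypothetical parameters.
function Get-EventLogHealth {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$LookbackDays = 7
    )

    $startTime = (Get-Date).AddDays(-$LookbackDays)

    # Only enabled logs that actually hold records; empty or disabled logs are skipped without a query.
    $logs = Get-WinEvent -ListLog * -ComputerName $ComputerName -ErrorAction SilentlyContinue |
            Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 }

    foreach ($log in $logs) {
        # Level 1 = Critical, 2 = Error, 3 = Warning. The service applies this filter,
        # so Information noise never crosses the pipeline.
        $filter = @{
            LogName   = $log.LogName
            Level     = 1, 2, 3
            StartTime = $startTime
        }

        # Get-WinEvent raises a non-terminating "No events were found" error on an empty result,
        # so it is silenced; -MaxEvents 1 returns only the newest matching event.
        $hit = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 `
                            -ComputerName $ComputerName -ErrorAction SilentlyContinue

        # When $hit is $null the property lookups below simply yield $null (non-strict mode).
        [pscustomobject]@{
            ComputerName = $ComputerName
            LogName      = $log.LogName
            Clean        = ($null -eq $hit)
            NewestHit    = $hit.TimeCreated
            Level        = $hit.LevelDisplayName
            EventId      = $hit.Id
            Provider     = $hit.ProviderName
        }
    }
}

# Usage: the server is clean for the window only if every log is clean.
$health = Get-EventLogHealth -LookbackDays 7
$dirty  = $health | Where-Object { -not $_.Clean }
if ($dirty) {
    $dirty | Format-Table LogName, NewestHit, Level, EventId, Provider -AutoSize
} else {
    "No Critical/Error/Warning events in the last 7 days on $env:COMPUTERNAME."
}
```

Two things worth checking when adapting it: Level 0 (LogAlways) events are deliberately not included, and some logs will report an access error to -ListLog under a non-elevated session, which the SilentlyContinue hides; run it elevated if a log you expect to see is missing from the output.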

That says a lot about the performance. I am going to stick to Get-WinEvent for a while.