I’m trying to combine 2 log searches and produce one output. I have two scripts that work the first finds all levels for a specified time frame and produces a .csv file.
$StartDate = Get-Date (Read-Host -Prompt 'Enter the start date of the logs. EX: 1/1/2022')
$EndDate = Get-Date (Read-Host -Prompt 'Enter the Last day of the deployment, EX: 6/26/2022')
Get-WinEvent -FilterHashTable @{
path = '*.evtx'
Level =1,2,3} |
Where-Object {$_.timecreated -gt $StartDate -and $_.timecreated -lt $EndDate} |
Select-Object TimeCreated, ID, ProviderName, LevelDisplayName, Message |
Export-CSV -Path logs.csv -NoTypeInformation
This script finds specific event IDs and produces a csv file.
$StartDate = Get-Date (Read-Host -Prompt 'Enter the start date of the logs. EX: 1/1/2022')
$EndDate = Get-Date (Read-Host -Prompt 'Enter the Last day of the deployment, EX: 6/26/2022')
Get-WinEvent -FilterHashTable @{
path = '*.evtx'
ID=4720, 4723, 4724, 4722, 4725, 4726, 4738, 4740, 2003, 2004, 2006} |
Where-Object {$_.timecreated -gt $StartDate -and $_.timecreated -lt $EndDate} |
Select-Object TimeCreated, ID, logName, ProviderName, LevelDisplayName, Message |
Export-CSV -Path logsID.csv -NoTypeInformation
I can’t figure out how to combine the two and produce one output. Any help would be appreciated.
Dan