I have a requirement to capture the first "Kernel-Boot" time on the current day.
The cmdlet/script I am currently using is below; it gives me the latest 10 entries.
Get-EventLog -LogName System -Message "*Kernel-Boot*" -Newest 10 | select -Property Source,TimeGenerated,TimeWritten | sort TimeGenerated -Descending | ConvertTo-Html | Out-File C:\MyWeb.html
I worked with the -After and -Before parameters and was not successful at getting the desired result. I am looking for a simple solution. I would appreciate it if someone can help me here.
You might have an easier time using WMI for this. The Win32_NTLogEvent (https://msdn.microsoft.com/en-us/library/aa390413(v=vs.85).aspx) contains the same information, and you can use the -Filter parameter of Get-WmiObject or Get-CimInstance to have WMI filter for just the event you want. You might also look at Get-WinEvent, which provides a bit more in the way of detailed filtering. It'll be helpful to know the Event ID of the event you want, since that's one of the easiest ways to quickly filter for that event.
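One way to apply the Get-WinEvent suggestion above, as an added example that is not part of the original thread: it filters the System log server-side to today's date and returns only the earliest matching event. The function name `Get-FirstKernelBootToday` is hypothetical, and the provider name `Microsoft-Windows-Kernel-Boot` is an assumption to confirm on the target host.

```powershell
# Added example. Assumes the events are written by the provider
# 'Microsoft-Windows-Kernel-Boot'; confirm on the target host with:
#   Get-WinEvent -ListProvider '*Kernel-Boot*'
function Get-FirstKernelBootToday {
    [CmdletBinding()]
    param(
        # Assumed provider name; override if the host reports a different one.
        [string]$ProviderName = 'Microsoft-Windows-Kernel-Boot'
    )

    $midnight = (Get-Date).Date          # 00:00:00 local time, current day

    # The hashtable is evaluated by the event log service, so only
    # today's events from this provider are returned to PowerShell.
    $filter = @{
        LogName      = 'System'
        ProviderName = $ProviderName
        StartTime    = $midnight
        EndTime      = $midnight.AddDays(1)
    }

    # Get-WinEvent reports an error when nothing matches (for example, the
    # machine has not been restarted today), so suppress it and return nothing.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return }

    # Results arrive newest first; sort ascending and keep the earliest one.
    $events |
        Sort-Object -Property TimeCreated |
        Select-Object -First 1 -Property ProviderName, Id, TimeCreated, MachineName
}

$first = Get-FirstKernelBootToday
if ($first) {
    # Same HTML report target as the pipeline in the question.
    $first | ConvertTo-Html -Title 'First Kernel-Boot event today' |
        Out-File -FilePath C:\MyWeb.html
}
else {
    Write-Warning "No Kernel-Boot events found in the System log since $((Get-Date).Date)."
}
```

Once the Event ID of interest is known, adding an `Id` key to the filter hashtable narrows the result to that single event type.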