Catching an entry out of EventLog

This topic contains 2 replies, has 2 voices, and was last updated by Itta 1 year, 6 months ago.

  • #24382
    Itta


    I have a requirement to capture the first "Kernel-Boot" time on the current day.

    The cmdlet/script I am currently using is as below, which gives me the latest 10 entries.
    Get-EventLog -LogName System -Message "*Kernel-Boot*" -Newest 10 | select -Property Source,TimeGenerated,TimeWritten | sort timeGenerated -Descending | ConvertTo-Html | Out-File C:\MyWeb.html

    I worked with the -After and -Before parameters and was not successful at getting the desired result. I am looking for a simple solution. I would appreciate it if someone could help me here.


  • #24392
    Don Jones

    You might have an easier time using WMI for this. The Win32_NTLogEvent contains the same information, and you can use the -Filter parameter of Get-WmiObject or Get-CimInstance to have WMI filter for just the event you want. You might also look at Get-WinEvent, which provides a bit more in the way of detailed filtering. It'll be helpful to know the Event ID of the event you want, since that's one of the easiest ways to quickly filter for that event.
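
The Get-WinEvent route suggested in the reply above, as an added example that is not part of the original thread: it filters the System log for today's events from one provider and returns the oldest one. The function name, the provider name `Microsoft-Windows-Kernel-Boot` and the optional `-Id` parameter are assumptions; the thread gives no Event ID.

```powershell
# Added example (not from the thread): first Kernel-Boot event written today.
function Get-FirstKernelBootToday {
    [CmdletBinding()]
    param(
        # Assumed provider name; confirm it against the Source column on your system
        [string]$ProviderName = 'Microsoft-Windows-Kernel-Boot',
        # Optional Event ID(s) to narrow the match; none is stated in the thread
        [int[]]$Id
    )

    $today = (Get-Date).Date            # local midnight, not "24 hours ago"
    $filter = @{
        LogName      = 'System'
        ProviderName = $ProviderName
        StartTime    = $today
        EndTime      = $today.AddDays(1)
    }
    if ($Id) { $filter['Id'] = $Id }

    try {
        # -Oldest returns events oldest first, so -MaxEvents 1 is the first of the day.
        # The filter is applied by the event log service, not by scanning message text.
        Get-WinEvent -FilterHashtable $filter -Oldest -MaxEvents 1 -ErrorAction Stop |
            Select-Object ProviderName, Id, TimeCreated, MachineName
    }
    catch {
        # Get-WinEvent raises an error, rather than returning nothing, when no event matches
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "No $ProviderName events found since $today"
        }
        else {
            throw
        }
    }
}

# Same HTML report as in the thread, using the path from the original posts
Get-FirstKernelBootToday | ConvertTo-Html | Out-File C:\MyWeb.html
```

When no boot event has been logged today, the function returns nothing and the report is written without rows; run it with `-Verbose` to see that case reported.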

  • #24417
    Itta

    Thanks Don.
    Will try your approach; in the meantime, the script below also gave me the desired result.

    $MyDate = (get-date).AddDays(-1)
    $MyResult = Get-EventLog -LogName System -Message "*Kernel-Boot*" -Newest 1 -After $MyDate |select Source,TimeGenerated |ConvertTo-Html |Out-File C:\MyWeb.html
    explorer.exe C:\MyWeb.html
