Get-Eventlog from Remote PC's using Variable

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Jesse Cleary Jesse Cleary 1 year, 9 months ago.

  • Author
    Posts
  • #22585
    Profile photo of Jesse Cleary
    Jesse Cleary
    Participant

    Good morning,

    I have a command line that I've been working on to get data from event logs across multiple remote PC's. My command works when I list the computer names out, but it does not work if I try to put them in a variable and try to run it using the variable instead of the machine names.

    Here is the working code:

    [b]get-eventlog -ComputerName PTLW2TYFLK1WIT, PTLL95S7YY1, PTLWC56MXV1WIT -logname Application | select -Property MachineName, TimeWritten, EventID, Source, Message | Where-Object Source -EQ MsiInstaller |sort -Property MachineName, TimeWritten -Descending | ConvertTo-Html | out-file c:\temp\systemlog.htm
    [/b]
    But if I try to put those 3 machines into variable $machine and replace the three machine names in the code with the $machine variable, I get the following error:

    [b]get-eventlog : The network path was not found.
    At line:1 char:1
    + get-eventlog -ComputerName $machine -logname Application | select -Property Mac ...[/b]

    I've tried tweaking this all sorts of different ways to get it to read the $machine variable because it would be nice if I could import a large list of machines into the variable and then run the command that way.

  • #22586
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    We'd need to see the variable, but I suspect that you've created a single string with comma-separated values, instead of an array of strings:

    # This is wrong:
    
    $machine = 'PTLW2TYFLK1WIT, PTLL95S7YY1, PTLWC56MXV1WIT'
    
    # This is right:
    
    $machine = 'PTLW2TYFLK1WIT', 'PTLL95S7YY1', 'PTLWC56MXV1WIT'
    
    • #22591
      Profile photo of Jesse Cleary
      Jesse Cleary
      Participant

      Thank you, that was definitely the issue. So knowing what I know now, that I need to set them as an array and not just one string, I then thought I could use:

      [b] $machine = Get-Content C:\Temp\users.txt
      [/b]
      In order to import a list of machine names into an array. In the text file they are listed just like this:

      CAELFNWVK12
      CAEL41VVK12
      CAELJ2WVK12
      CAELF12WK12

      And when I check the $machine variable after running that command, they look the same as if I specify them like in your example above. However it errors out with:

      [b]Get-EventLog : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an
      argument that is not null or empty, and then try the command again.[/b]

      I'm assuming that perhaps the way they are in the text file isn't proper.

  • #22592
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Actually, you're on the right track 🙂 Get-Content does give you an array of strings; each line of the text file becomes a single string. However, based on the error, I think you must have some blank lines in your file, and you'd need to filter those out before passing the values to Get-EventLog. You can do something like this:

    $machine = Get-Content C:\Temp\users.txt | Where-Object { $_ }
    

    This takes advantage of the fact that blank strings are treated as $false in a condition, and non-blank strings are $true, so only the non-blank strings will pass through Where-Object.

  • #22593
    Profile photo of Jesse Cleary
    Jesse Cleary
    Participant

    That worked like a charm! Good to know I was at least on the right track. PowerShell is impressing me more and more every time I learn something new!

You must be logged in to reply to this topic.