Get-WinEvent and filtering for the message


  • #5890

    by surveyor at 2013-05-10 10:03:06

    Hi,
    with this little script (it works) I try to filter scheduled tasks (beginning and end) from the eventlog. Is it possible to filter for messages in the XML-Filter instead of using Where-Object? I have searched a lot, but there are only a few examples and the official documentation is too confusing for me.

    Clear-Host

    $XMLQuery = @"





    "@

    $Abruf = {
    # Switch to an English environment because of a .NET bug. Otherwise no message texts are returned.
    $orgCulture = Get-Culture
    [System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"

    Get-WinEvent -FilterXml $XMLQuery |
    Where-Object { $_.Message -notmatch "\\Microsoft\\" } # |
    # Select-Object -First 5

    # Because of the .NET bug. See above.
    [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture
    }
    $a = Get-Date
    $Test = . $Abruf
    $b = Get-Date
    $Test.Count
    $a
    $b

    PS: I'm not very happy with the new forum...
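An added example, not part of the original post: the rendered message text is not stored in the event record, so the XML filter cannot test it, and the event log's XPath subset has no `contains()` or `starts-with()`. It can test a named EventData field for equality, and a prefix exclusion can then run client-side on that field instead of on `Message`. Assumptions: the log name, event IDs 100/102, the `TaskName` field and the sample task path are not from the post, and the two function names are hypothetical.

```powershell
# Assumed log and event IDs (the post's own query did not survive):
# 100 = task started, 102 = task completed.
$LogName = 'Microsoft-Windows-TaskScheduler/Operational'

function New-TaskEventQuery {
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [Parameter(Mandatory)] [int[]]  $EventId,
        [string] $TaskName   # optional exact match, e.g. '\Backup\Nightly' (constructed)
    )
    $idTest = ($EventId | ForEach-Object { "EventID=$_" }) -join ' or '
    $xpath  = "*[System[($idTest)]]"
    if ($TaskName) {
        # The value sits inside a single-quoted XPath literal, so refuse quotes.
        if ($TaskName.Contains("'")) { throw "TaskName must not contain a single quote." }
        # Escape &, < and > so the value survives being embedded in XML.
        $safe   = [System.Security.SecurityElement]::Escape($TaskName)
        # Equality on a named EventData field is evaluated by the event log service.
        $xpath += " and *[EventData[Data[@Name='TaskName']='$safe']]"
    }
@"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">$xpath</Select>
  </Query>
</QueryList>
"@
}

function Get-EventDataValue {
    param($Record, [string] $Name)
    # Read the structured field from the event XML; this does not depend on the
    # localized message text, so no culture switch is needed.
    $data = ([xml]$Record.ToXml()).Event.EventData.Data
    ($data | Where-Object { $_.Name -eq $Name }).'#text'
}

# Server-side: only the start/end event IDs are returned.
$query = New-TaskEventQuery -LogName $LogName -EventId 100, 102

# Client-side: drop tasks under \Microsoft\ by comparing the TaskName field.
Get-WinEvent -FilterXml $query |
    Where-Object { (Get-EventDataValue $_ 'TaskName') -notlike '\Microsoft\*' }
```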
