Get-Winevent / Boot Duration for multiple computers

This topic contains 3 replies, has 2 voices, and was last updated by Profile photo of Wei-Yen Tan Wei-Yen Tan 2 months, 2 weeks ago.

  • Author
    Posts
  • #67755
    Profile photo of flipt
    flipt
    Participant

    Hello,

    I need to evaluate many machines across a network to determine what is causing slow boot times. I came across this: http://www.happysysadm.com/2014/07/windows-boot-history-and-boot.html and thought I could figure out how to pass a list of computer names (.txt or .csv) using Get-Content to then generate a report of boot durations. I'm new to Powershell and just purchased "Learn Windows PowerShell in a Month of Lunches". Would this be the best approach for this task?

  • #67774
    Profile photo of Wei-Yen Tan
    Wei-Yen Tan
    Participant

    Yes it would.

    I just happened to look at the help for get-wineventlog and saw Example 4 that do what you want.

    PS C:\>ForEach-Object ($Server in $S) {$Server; Get-WinEvent -ListLog "Windows PowerShell" -Computername $Server}

    In your case it might look like :

    PS C:\>ForEach-Object ($Server in $S) {$Server; Get-WinEvent -Microsoft-Windows-Diagnostics-Performance }

    I hope that helps

    • #67944
      Profile photo of flipt
      flipt
      Participant

      Wei-Yen,

      Thank you for replying. I've attempted the following:

      #get machine names
      $MachineNames = Get-Content "\path of text file containing list\file.txt"
      
      #array to store WinEvents
      $WinEvents = @()
      
      #loop through list of computers to get WinEvents
      foreach ($machine in $MachineNames)
      {
           $WinEvents = $machine; Get-WinEvent -ComputerName $machine -FilterHashTable @{logname = "Microsoft-Windows-Diagnostics-Performance/Operational"; id=100}
      }
      
      

      That portion retrieves data as expected. How would I process each event for each machine in the list and export to a text or csv file for reporting? I'm working towards using SQL as recommended here: https://powershell.org/forums/topic/retrieve-event-logs-for-boot-time/ but I'm just learning Powershell.

      The script in the first post works great if you are running on your local machine. I'm trying to figure out how to make it work on multiple machines. I think I should build separate functions to get machine names, get winevents, process events, and pipe to export data. Or Maybe keeping everything in a single script works too? Am I on the right track?

  • #68160
    Profile photo of Wei-Yen Tan
    Wei-Yen Tan
    Participant

    Hi flipt,

    So sorry for replying late.

    However I have a bit of time to reply. If you were going to do this in a term of a script I would use it the way that I am going to describe below....

    The way to do is to make use of objects and adding it to a collection. Check out the following code:

    #get machine names
    $MachineNames = Get-Content "\path of text file containing list\file.txt"
    
    #array to store WinEvents
    $WinEvents = @()
    
    #loop through list of computers to get WinEvents
    foreach ($machine in $MachineNames)
    {
         
         $event = Get-WinEvent -ComputerName $machine -FilterHashTable @{logname = "Microsoft-Windows-Diagnostics-Performance/Operational"; id=100}
         $prop = @{
            'machine' = $machine
            'winevent' = $event
         }
         $object = New-Object -TypeName psobject -Property @prop
         $WinEvents += $object
    }
    
    $Winevents | Export-csv $path
    

    Essentially I am keeping whatever you have written in the loop. However what I am doing is creating a hash table with all my properties that I want as hash table (in $props). This goes into each loop and then out of each hashtable I add that to an object.

    Once I add that to an object I then add that to a collection. Once its in a collection its in a format that you can export to a CSV.

    I hope that it makes sense...if you have any further questions let me know if I can help.

You must be logged in to reply to this topic.