Author Posts

May 9, 2017 at 2:16 am

I am trying to create a GUI in Powershell Studio to search EventLogs and wanted to be able to use multiple "terms" and IDs to search on. I started off basic with 2 textboxes (EventIDs and SearchTerms), a datagridview to display the results and a submit button.
Ignoring the textboxes and just populating the Datagridview works just fine with the below using 2 terms and 2 IDs:

$SearchTerms = "C:\windows\system32\wininit.exe", "C:\windows\system32\autochk.exe", "guest"
	$EventIDs = 4797,4688
	$Logname = "Security"
	
	$LogResuts = get-winevent -erroraction Stop -FilterHashtable @{ logname = $Logname; ID = $EventIDs; data = $SearchTerms }
	Update-DataGridView -DataGridView $datagridview1 -item $LogResuts

I started with just one textbox filling in the "$EventIDs variable and changed the above to:

$SearchTerms = "C:\windows\system32\wininit.exe", "C:\windows\system32\autochk.exe", "guest"
	$EventIDs = $textboxEventIDs.text
	$Logname = "Security"
	
	$LogResuts = get-winevent -erroraction Stop -FilterHashtable @{ logname = $Logname; ID = $EventIDs; data = $SearchTerms }
	Update-DataGridView -DataGridView $datagridview1 -item $LogResuts

Putting 1 ID in the box works fine but am unsure how to do 2 and separate them.
Filling in this works: 4797
Filling in this DOES NOT work: 4797,4688

How can I accomplish this?

I would like to be able to do that same with the "SearchTerms too if possible.
Again if I fill in one value it works fine: C:\windows\system32\wininit.exe
This does not work and crashes the form like above: C:\windows\system32\wininit.exe , C:\windows\system32\autochk.exe

I know the issue is just the way I am formatting the text or presenting it from the textbox(s) but am too new to know why or how to fix it 🙂

Thanks for any help you can give.

May 9, 2017 at 2:23 am

So, you've got to decide how you're going to want items separated in the text box. Maybe comma-separated? You then need to -split the string to separate the elements into an array, right?

It's whatever you want – the point is, there's no built-in functionality to do what you want, so you've got to roll your own.

May 9, 2017 at 2:28 am

Thanks, I suspected that may be the case. I have no issue using a delimiter like a comma. Supposed I am ok using a comma, can you give me an example of how to do this?

Thanks,
Scott

May 9, 2017 at 2:32 am

How to use the -split operator?

$array = $Textbox.text -split ","

Basically. I mean, I'm not sure if a straight array is what you're after or not – just trying to help you turn a single string into an array of terms.

May 9, 2017 at 2:43 am

Sweet, that worked perfectly Don!
Thanks for all the help you guys give here, it's my #1 place to go for help.