OutGridView lost PSComputerName Column

Tagged: 

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Brian Clanton Brian Clanton 5 months, 1 week ago.

  • Author
    Posts
  • #62655
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    Summary:
    I am gathering a number of eventlogs on different servers and I would like to have everything display in Grid view. However, the last column 'PSComputerName' does not display in my grid, only within my output.

    Is there a way I can capture this 'PSComputerName' column in my grid.

    Output to screen:

    invoke-command -ComputerName (Get-Content .\testdevice.txt) -ScriptBlock {Get-EventLog -LogName System -After 1/22/2017 -EntryType Error} -Credential $tpcreds 
      Index Time          EntryType   Source                 InstanceID Message                                    PSComputerName                            
       ----- ----          ---------   ------                 ---------- -------                                    --------------                            
        8090 Jan 25 15:19  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        8087 Jan 25 14:54  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        8084 Jan 25 14:11  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        8082 Jan 25 13:58  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        8075 Jan 25 13:21  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        8074 Jan 25 13:21  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        8057 Jan 25 13:18  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        8041 Jan 25 13:18  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
        8038 Jan 25 13:18  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
        8037 Jan 25 13:18  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
        7980 Jan 25 13:17  Error       DCOM                        10010 The description for Event ID '10010' in... w10-ck                                    
        7978 Jan 25 13:17  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7956 Jan 25 13:13  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
        7955 Jan 25 13:13  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
        7954 Jan 25 13:13  Error       SNMP                   3237938652 The SNMP Service encountered an error w... w10-ck                                    
        7898 Jan 24 17:01  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7897 Jan 24 16:48  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7888 Jan 24 12:33  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7884 Jan 24 11:20  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7883 Jan 24 11:08  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7876 Jan 24 09:01  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7874 Jan 24 08:40  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7850 Jan 23 17:01  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7847 Jan 23 15:16  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7844 Jan 23 13:41  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
        7835 Jan 23 10:43  Error       DCOM                        10016 The description for Event ID '10016' in... w10-ck                                    
       89067 Jan 23 15:30  Error       Schannel                    36888 The following fatal alert was generated... w7-rmular                                 
       89066 Jan 23 15:30  Error       Schannel                    36888 The following fatal alert was generated... w7-rmular                                 
       89062 Jan 23 15:26  Error       Schannel                    36888 The following fatal alert was generated... w7-rmular                                 
       89061 Jan 23 15:26  Error       Schannel                    36888 The following fatal alert was generated... w7-rmular   

    OutPut to Grid on same command, I loose the 'PScomputername' column.

     invoke-command -ComputerName (Get-Content .\testdevice.txt) -ScriptBlock {Get-EventLog -LogName System -After 1/22/2017 -EntryType Error} -Credential $tpcreds | Out-GridView     
  • #62671
    Profile photo of nimms
    nimms
    Participant

    Hello, Brian. This happens because of views. First, the solution:

    $props = 'Index', 'Time', 'EntryType', 'Source', 'InstanceID', 'Message', 'PSComputerName'
    Invoke-Command ... | select $props | Out-GridView

    Now, the explanation. Let's check the type name of an object that Get-EventLog returns:

    Get-EventLog -LogName System -Newest 1 | Get-Member

    If you run this command, you can see the TypeName on the top. It is System.Diagnostics.EventLogEntry.
    The view for that type is described in the file: $PSHome\DotNetTypes.format.ps1xml
    If you search for the type name in this file, you'll find its default display properties:

    PowerShell takes the view information from this file and outputs only these properties by default. So, that's what Out-GridView gets.
    Jeffrey Snover, the inventor of PowerShell, actually describes the process here. (And no, you can't use PSStandardMembers with EventLogEntry.)

    I did some research and found that it's really difficult to just add a column there, instead you need to list all the columns you need by hand. That's what I did in the above code.
    I hope you'll find this information useful. Cheers.

  • #62895
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    With your example, the 'Pscomputer' field is there, however the 'Time' column output is now blank.

    Here is a snippet in the console output.

    invoke-command -ComputerName (Get-Content .\testdevice.txt) -ScriptBlock {Get-EventLog -LogName System -After 1/26/2017 -EntryType Error} -Credential $tpcreds | select $props 
    Index          : 89953
    Time           : 
    EntryType      : Error
    Source         : UmrdpService
    InstanceId     : 1111
    Message        : Driver Xerox PS Color Class Driver required for printer !!W12-TPST!Xerox Phaser 6180/6189MFP Class Driver is unknown. Contact the 
                     administrator to install the driver before you log in again.
    PSComputerName : w7-rmular
    
    Index          : 89952
    Time           : 
    EntryType      : Error
    Source         : UmrdpService
    InstanceId     : 1111
    Message        : Driver Generic 50C-1 Series PCL required for printer !!W12-tp!Office_MF is unknown. Contact the administrator to install the driver 
                     before you log in again.
    PSComputerName : w7-rmular
    
    Index          : 89796
    Time           : 
    EntryType      : Error
    Source         : SNMP
    InstanceId     : 3237938652
    Message        : The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
    PSComputerName : w7-rmular
    
    Index          : 89795
    Time           : 
    EntryType      : Error
    Source         : SNMP
    InstanceId     : 3237938652
    Message        : The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents.
    PSComputerName : w7-rmular
    
    Index          : 89759
    Time           : 
    EntryType      : Error
    Source         : Service Control Manager
    InstanceId     : 3221232472
    Message        : The MBAMFarflt service failed to start due to the following error: 
                     %%2
    PSComputerName : w7-rmular
    
    Index          : 89741
    Time           : 
    EntryType      : Error
    Source         : DCOM
    InstanceId     : 3221235478
    Message        : The description for Event ID '-1073731818' in Source 'DCOM' cannot be found.  The local computer may not have the necessary registry 
                     information or message DLL files to display the message, or you may not have permission to access them.  The following information is 
                     part of the event:'2147944122', '172.26.9.136', '{03837521-098B-11D8-9414-505054503030}'
    PSComputerName : w7-rmular
    
    Index          : 89725
    Time           : 
    EntryType      : Error
    Source         : Service Control Manager
    InstanceId     : 3221232472
    Message        : The MBAMFarflt service failed to start due to the following error: 
                     %%2
    PSComputerName : w7-rmular

    This is what is in my $props variable

    C:\Users\bclanton> $props
    Index
    Time
    EntryType
    Source
    InstanceID
    Message
    PSComputerName
    • #62898
      Profile photo of nimms
      nimms
      Participant

      Oh, sorry, it's not Time but TimeGenerated.

  • #63676
    Profile photo of Brian Clanton
    Brian Clanton
    Participant

    Perfect...thank you

You must be logged in to reply to this topic.