Please help with Get-WinEvent and the Messages

This topic contains 0 replies, has 1 voice, and was last updated by  Forums Archives 5 years, 11 months ago.

  • Author
    Posts
  • #5886

    by surveyor at 2013-05-05 02:56:43

    Hi,
    when I try to get the messages from an eventlog with Get-WinEvent, I get allways nothing:
    PS E:\> get-winevent -LogName 'Microsoft-Windows-TaskScheduler/Operational' | Select-Object -First 10

    ProviderName: Microsoft-Windows-TaskScheduler

    TimeCreated Id LevelDisplayName Message
    ----------- -- ---------------- -------
    05.05.2013 11:45:00 318
    05.05.2013 11:45:00 318
    05.05.2013 11:45:00 301
    05.05.2013 11:40:00 314
    05.05.2013 11:40:00 102
    05.05.2013 11:40:00 201
    05.05.2013 11:39:59 200
    05.05.2013 11:39:59 129
    05.05.2013 11:39:59 100
    05.05.2013 11:39:59 319

    Is there a possible way to get this messages from Get-WinEvent?

    Filtering on messages work! But I can't get the messages:

    PS E:\> get-winevent -LogName 'Microsoft-Windows-TaskScheduler/Operational' | Where-Object { $_.Message -notlike '*insta
    nce of the "\Microsoft\*' } | Select-Object -First 10

    ProviderName: Microsoft-Windows-TaskScheduler

    TimeCreated Id LevelDisplayName Message
    ----------- -- ---------------- -------
    05.05.2013 11:50:00 314
    05.05.2013 11:50:00 102
    05.05.2013 11:50:00 201
    05.05.2013 11:49:59 200
    05.05.2013 11:49:59 129
    05.05.2013 11:49:59 100
    05.05.2013 11:49:59 319
    05.05.2013 11:49:59 317
    05.05.2013 11:49:59 310
    05.05.2013 11:49:59 311

    by surveyor at 2013-05-05 04:28:00

    Google is the help. It's an error in .NET for other languages than "en-US". Since two years or longer.

    Here you can find a workaround:
    Get-WinEvent does not return the content of the Event Message in V3 CTP2

    $GetFilteredLogs = {
    $orgCulture = Get-Culture
    [System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"
    get-winevent -LogName 'Microsoft-Windows-TaskScheduler/Operational' |
    Where-Object { (@(100,102) -contains $_.Id) -and ($_.Message -notlike '*instance of the "\Microsoft\*') } |
    Select-Object -First 10
    [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture
    }

    $FilteredLog = . $GetFilteredLogs
    $FilteredLog

    PS E:\> $GetFilteredLogs = {
    >> $orgCulture = Get-Culture
    >> [System.Threading.Thread]::CurrentThread.CurrentCulture = New-Object "System.Globalization.CultureInfo" "en-US"
    >> get-winevent -LogName 'Microsoft-Windows-TaskScheduler/Operational' |
    >> Where-Object { (@(100,102) -contains $_.Id) -and ($_.Message -notlike '*instance of the "\Microsoft\*') } |
    >> Select-Object -First 10
    >> [System.Threading.Thread]::CurrentThread.CurrentCulture = $orgCulture
    >> }
    >>
    PS E:\> $FilteredLog = . $GetFilteredLogs
    PS E:\> $FilteredLog

    ProviderName: Microsoft-Windows-TaskScheduler

    TimeCreated Id LevelDisplayName Message
    ----------- -- ---------------- -------
    05.05.2013 13:20:00 102 Task Scheduler successfully finished "{E4CA7878-17CC-4315-B237-9...
    05.05.2013 13:19:59 100 Task Scheduler started "{E4CA7878-17CC-4315-B237-98CB8934B180}" ...
    05.05.2013 13:10:00 102 Task Scheduler successfully finished "{9B06BD1F-32C1-443F-B561-9...
    05.05.2013 13:09:59 100 Task Scheduler started "{9B06BD1F-32C1-443F-B561-9906C60F3B88}" ...
    05.05.2013 13:00:00 102 Task Scheduler successfully finished "{AA768489-C634-48F6-8A87-9...
    05.05.2013 13:00:00 100 Task Scheduler started "{AA768489-C634-48F6-8A87-9757D8B6BB07}" ...
    05.05.2013 12:50:00 102 Task Scheduler successfully finished "{4F90C801-2F85-4E60-8FCD-6...
    05.05.2013 12:49:59 100 Task Scheduler started "{4F90C801-2F85-4E60-8FCD-6A6E8BBAD602}" ...
    05.05.2013 12:40:00 102 Task Scheduler successfully finished "{A5A9BCF9-7536-488A-8D68-4...
    05.05.2013 12:39:59 100 Task Scheduler started "{A5A9BCF9-7536-488A-8D68-4983BB755423}" ...

    PS E:\>

You must be logged in to reply to this topic.