Powershell Get-WinEvent - to iterate through all event logs


This topic contains 2 replies, has 2 voices, and was last updated by Participant 3 years, 7 months ago.

  • #27178

    Participant
    Points: -17
    Rank: Member

    I am trying to write a query to iterate through all the Windows event logs, essentially to cross reference any errors of interest with a problem we are investigating on our Win 7 workstation fleet.
    $logs = (Get-WinEvent -ListLog * | Where-Object { $_.RecordCount -gt 0 }).LogName

    foreach ($log in $logs) {
        Get-WinEvent -LogName $log -FilterXPath '*[System[Level=1] or System[Level=2]]' -MaxEvents 50 -ErrorAction SilentlyContinue
    }

    I am a little stuck with regard to filtering (-FilterXPath) for a specific date, in addition to the Level 1, Level 2 errors – any suggestions greatly appreciated.

  • #27181
    GJ

    Participant
    Points: 0
    Rank: Member

    As building an "xpath" could be challenging, especially when dealing with dates, your best bet to construct it is using the Event Viewer GUI's "Filter Current Log" option (yes, even Get-WinEvent's help suggests that). To do that, open the Event Viewer, choose the log you want to filter, choose the "Filter Current Log" option, fill it in with your requirements, and then click on the XML tab. You should be able to see the XPath-friendly XML query, which can be used in your PowerShell code.

    Ex –
    Below is the XML query for filtering all "Errors and Warnings" logged in the "Date Range" under "SYSTEM" logs:

    *[System[(Level=2 or Level=3) and TimeCreated[@SystemTime>='2015-07-01T11:00:01.000Z' and @SystemTime<='2015-07-06T11:00:00.999Z']]]

  • #27240

    Participant
    Points: -17
    Rank: Member

    Thanks GJ, appreciated.
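
Combining the loop from the question with the date-range XPath from the reply, as an added example that is not part of the original thread: it builds the XPath from DateTime values converted to UTC and runs it against every log that holds records. The function names New-LevelDateXPath and Find-EventAcrossLogs are hypothetical, and the sample window reuses the dates from the reply, taken as UTC.

```powershell
# Added example: both function names are hypothetical helpers, not built-in cmdlets.
function New-LevelDateXPath {
    param(
        [int[]]$Level = @(1, 2),                          # 1 = Critical, 2 = Error
        [Parameter(Mandatory = $true)][datetime]$Start,
        [Parameter(Mandatory = $true)][datetime]$End
    )
    if ($End -lt $Start) { throw 'End must not be earlier than Start.' }
    # SystemTime is stored in UTC, so convert local times before formatting.
    $fmt  = "yyyy-MM-dd'T'HH:mm:ss.fff'Z'"
    $inv  = [System.Globalization.CultureInfo]::InvariantCulture
    $from = $Start.ToUniversalTime().ToString($fmt, $inv)
    $to   = $End.ToUniversalTime().ToString($fmt, $inv)
    $levels = ($Level | ForEach-Object { "Level=$_" }) -join ' or '
    "*[System[($levels) and TimeCreated[@SystemTime>='$from' and @SystemTime<='$to']]]"
}

function Find-EventAcrossLogs {
    param(
        [Parameter(Mandatory = $true)][string]$XPath,
        [int]$MaxEventsPerLog = 50
    )
    # Only query logs that actually hold records.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }
    foreach ($log in $logs) {
        # A log with no matching events (or no read access) raises an error; skip it quietly.
        Get-WinEvent -LogName $log.LogName -FilterXPath $XPath `
            -MaxEvents $MaxEventsPerLog -ErrorAction SilentlyContinue
    }
}

# Constructed sample window: the dates from the reply above, interpreted as UTC.
$start = [datetime]::SpecifyKind([datetime]'2015-07-01T11:00:01', 'Utc')
$end   = [datetime]::SpecifyKind([datetime]'2015-07-06T11:00:00.999', 'Utc')
$xpath = New-LevelDateXPath -Level 1, 2 -Start $start -End $end

Find-EventAcrossLogs -XPath $xpath |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message
```

Run it from an elevated session if logs such as Security should be included; without elevation those logs are silently skipped because of -ErrorAction SilentlyContinue.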
