PowerShell Get-WinEvent - to iterate through all event logs

This topic contains 2 replies, has 2 voices, and was last updated by Andrew 1 year, 3 months ago.

  • Author
  • #27178
    Andrew

    I am trying to write a query to iterate through all the Windows event logs, essentially to cross reference any errors of interest with a problem we are investigating on our Win 7 workstation fleet.
    $logs = (Get-WinEvent -ListLog * | Where-Object { $_.RecordCount -gt 0 }).LogName

    foreach ($log in $logs) {   # query each non-empty log in turn
        Get-WinEvent -LogName $log -FilterXPath '*[System[Level=1] or System[Level=2]]' -MaxEvents 50 -ErrorAction SilentlyContinue
    }

    I am a little stuck in regards to filtering (-FilterXPath) for a specific date, in addition to the Level 1 and Level 2 errors. Any suggestions greatly appreciated.

  • #27181
    GJ

    As building an "xpath" could be challenging, especially when dealing with dates, your best bet to construct it is using the Event Viewer GUI's "Filter Current Log" option (yes, even Get-WinEvent's help suggests that). To do that, open the Event Viewer, choose the log you want to filter, choose the "Filter Current Log" option, fill it in with your requirements, and then click on the XML tab. You should be able to see the XPath-friendly XML query, which can be used in your PowerShell code.

    Ex –
    Below is the XML query for filtering all "Errors and Warnings" logged in the "Date Range" under "SYSTEM" logs

    *[System[(Level=2 or Level=3) and TimeCreated[@SystemTime>='2015-07-01T11:00:01.000Z' and @SystemTime<='2015-07-06T11:00:00.999Z']]]
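
The date-range XPath from this reply combined with the per-log loop from the question, as an added example that is not part of the original posts. The variable names and the sample date range are constructed for illustration; the level filter (1 and 2) follows the question rather than the reply.

```powershell
# Added example: $start/$end are a constructed sample range in local time.
$start = Get-Date '2015-07-01 11:00:00'
$end   = Get-Date '2015-07-06 11:00:00'

# TimeCreated/@SystemTime is stored in UTC, so convert before formatting.
# InvariantCulture keeps ':' as the time separator on any locale.
$fmt  = "yyyy-MM-dd'T'HH:mm:ss.fff'Z'"
$inv  = [System.Globalization.CultureInfo]::InvariantCulture
$from = $start.ToUniversalTime().ToString($fmt, $inv)
$to   = $end.ToUniversalTime().ToString($fmt, $inv)

# Level 1 = Critical, Level 2 = Error
$xpath = "*[System[(Level=1 or Level=2) and " +
         "TimeCreated[@SystemTime>='$from' and @SystemTime<='$to']]]"

# Names of all logs that contain at least one record
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 } |
        Select-Object -ExpandProperty LogName

$results = foreach ($log in $logs) {
    try {
        Get-WinEvent -LogName $log -FilterXPath $xpath -MaxEvents 50 -ErrorAction Stop
    }
    catch {
        # "No matching events" is expected for most logs; surface anything
        # else (access denied, unreadable log) instead of hiding it.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$log : $($_.Exception.Message)"
        }
    }
}

# One timeline across all logs for cross-referencing
$results | Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, Id, LevelDisplayName, ProviderName, Message
```

Reading some logs, such as Security, requires an elevated session; those failures appear as warnings rather than being silently skipped.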

  • #27240
    Andrew

    Thanks GJ, appreciated.
