psobject format output – PowerShell.org

Search

Generic filters

Exact matches only

Filter by Custom Post Type

Hello
Guest

Log In or Sign Up

psobject format output

Author	Posts
mich.a Participant Topics: 6 Replies: 7 My Achievements No Achievements Yet!	November 14, 2017 at 11:58 am Hello all, I'm writing a function to retrieve from a series of events (eventID 153) binary data in XML view. My issue is with the output, which seems to be stored in hashtable. Function Get-StorPortXMLEvents { #Local path to evtx file. $GenEvtPath = 'C:\tmp\diskErrors.evtx' #Setting to xml $EventData = ([xml[]](Get-WinEvent -FilterHashtable @{Path = $GenEvtPath} -MaxEvents 5).toxml()) #Enumerating objects with foreach foreach ($diskEvt in $EventData) { #Which info I want to pull $EvtProperties = @{ Data = $EventData.event.eventdata.data Binary = $EventData.event.eventdata.binary TimeCreated = $EventData.event.system.timecreated.systemtime } #Creating my object $MyObj = New-Object -TypeName psobject -Property $EvtProperties Write-Output $MyObj } } The output: [13:19 PM C:\]> Get-StorPortXMLEvents \| fl TimeCreated : {2017-11-02T13:30:54.386394300Z, 2017-11-02T13:30:51.872859400Z, 2017-11-02T13:30:51.575979800Z, 2017-10-27T05:49:39.077479800Z...} Data : {\Device\Harddisk3\DR3, 0x890f1a8, 3, \Device\MPIODisk0...} Binary : {0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928, 0F01040004002C0000000000990004800000000000000000000000000000000000000000000000000000092A, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000988, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928...} TimeCreated : {2017-11-02T13:30:54.386394300Z, 2017-11-02T13:30:51.872859400Z, 2017-11-02T13:30:51.575979800Z, 2017-10-27T05:49:39.077479800Z...} Data : {\Device\Harddisk3\DR3, 0x890f1a8, 3, \Device\MPIODisk0...} Binary : {0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928, 0F01040004002C0000000000990004800000000000000000000000000000000000000000000000000000092A, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000988, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928...} TimeCreated : {2017-11-02T13:30:54.386394300Z, 2017-11-02T13:30:51.872859400Z, 2017-11-02T13:30:51.575979800Z, 2017-10-27T05:49:39.077479800Z...} Data : {\Device\Harddisk3\DR3, 0x890f1a8, 3, \Device\MPIODisk0...} Binary : {0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928, 0F01040004002C0000000000990004800000000000000000000000000000000000000000000000000000092A, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000988, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928...} TimeCreated : {2017-11-02T13:30:54.386394300Z, 2017-11-02T13:30:51.872859400Z, 2017-11-02T13:30:51.575979800Z, 2017-10-27T05:49:39.077479800Z...} Data : {\Device\Harddisk3\DR3, 0x890f1a8, 3, \Device\MPIODisk0...} Binary : {0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928, 0F01040004002C0000000000990004800000000000000000000000000000000000000000000000000000092A, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000988, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928...} TimeCreated : {2017-11-02T13:30:54.386394300Z, 2017-11-02T13:30:51.872859400Z, 2017-11-02T13:30:51.575979800Z, 2017-10-27T05:49:39.077479800Z...} Data : {\Device\Harddisk3\DR3, 0x890f1a8, 3, \Device\MPIODisk0...} Binary : {0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928, 0F01040004002C0000000000990004800000000000000000000000000000000000000000000000000000092A, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000988, 0F01040004002C00000000009900048000000000000000000000000000000000000000000000000000000928...} My goal is to match each event (data) with each time (timecreated) and its binary code. I would appreciate your input folks.
Richard Siddaway Participant Topics: 0 Replies: 669 My Achievements No Achievements Yet!	November 14, 2017 at 4:04 pm I think you have an error in your code $EvtProperties = @{ Data = $EventData.event.eventdata.data Binary = $EventData.event.eventdata.binary TimeCreated = $EventData.event.system.timecreated.systemtime } should be $EvtProperties = @{ Data = $$diskEvt.event.eventdata.data Binary = $$diskEvt.event.eventdata.binary TimeCreated = $$diskEvt.event.system.timecreated.systemtime } or something similar. You're currently creating the output using the collection of events rather than each individual event which is what I presume you're after
mich.a Participant Topics: 6 Replies: 7 My Achievements No Achievements Yet!	November 14, 2017 at 8:00 pm Thanks a lot Richard! Yes I was looking for each individual event.

You must be logged in to reply to this topic.