Sort Eventlog per machine name

[PBA121137]

Hello,

I am struggling with a script to show me the number of entry’s for a system log, in a array of servers.
My script shows me the log, that I need, also the number of entry’s only I cannnot get it to work that it shows me a output basedon an per server.

Like :
Server 1
Count     source    eventid   message
—–          ——     ——-      ——
——        ——–   ——–   ——–
Server 2
Count  Source   eventid   Message
——       —–       ——-     ——
——–   ——–   ——–   ——–
I tried a number of  ways, only I miss still some experience in this part it seems..:-)

————————–

PowerShell

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001" foreach($server in $servers){ invoke-command -computername $server {get-eventlog system -EntryType error -Newest 25}| Select-Object @{name='Servername';expression={$env:Machinename}} ,source, eventid, message |Group-Object servername, count, source -NoElement | sort Servername }

1 2 3 4 5 6

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001"   foreach($server in $servers){ invoke-command -computername $server {get-eventlog system -EntryType error -Newest 25}| Select-Object @{name='Servername';expression={$env:Machinename}} ,source, eventid, message |Group-Object servername, count, source -NoElement | sort Servername }

• This topic was modified 1 month ago by PBA121137. Reason: edited because i did not use the preformatted text for code :)

[Rob Simmers Participant Topics: 15 Replies: 1776 Points: 3,218Rank: Community Hero]

Try something like this which gets all of the results and then groups them:

PowerShell

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001" $results = foreach($server in $servers){ $params = @{ LogName = 'system' EntryType = 'error' Newest = 25 ComputerName = $server ErrorAction = 'Stop' } try { Get-EventLog @params | Select-Object @{Name='Servername';Expression={$server}}, source, eventid, message } Catch { [pscustomobject]@{ ServerName = $server Source = $null EventId = $null Message = 'Failed to connect to server. {0}' -f $_ } } } $results | Group-Object servername, count, source -NoElement | Sort Servername

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001" $results = foreach($server in $servers){     $params = @{         LogName      = 'system'         EntryType    = 'error'         Newest       = 25         ComputerName = $server         ErrorAction  = 'Stop'     }          try {         Get-EventLog @params |         Select-Object @{Name='Servername';Expression={$server}},                       source,                       eventid,                       message     }     Catch {         [pscustomobject]@{             ServerName = $server             Source     = $null             EventId    = $null             Message    = 'Failed to connect to server. {0}' -f $_         }     } }   $results | Group-Object servername, count, source -NoElement | Sort Servername

[Doug Maurer Participant Topics: 8 Replies: 568 Points: 2,171Rank: Community Hero]

I’m not sure if you’re trying to count each source or just the amount of events in total. Based on the code you have, if you simply change the calculated property as shown here

PowerShell

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001" invoke-command -computername $serverlist {get-eventlog system -EntryType error -Newest 25}| Select-Object @{name='Servername';expression={$_.pscomputername}} ,source, eventid, message |Group-Object servername,source -NoElement | sort Servername

1 2 3 4

$servers = "ggwvappa029","ggwvmapt002","ggwvmfsp001"   invoke-command -computername $serverlist {get-eventlog system -EntryType error -Newest 25}| Select-Object @{name='Servername';expression={$_.pscomputername}} ,source, eventid, message |Group-Object servername,source -NoElement | sort Servername

You end up with output like this

PowerShell

Count Name ----- ---- 17 volsnap, server1 8 stcvsm, server1 24 NETLOGON, server2 1 bowser, server2 25 Schannel, server3

1 2 3 4 5 6 7

Count Name                     ----- ----                        17 volsnap, server1       8 stcvsm, server1    24 NETLOGON, server2         1 bowser, server2            25 Schannel, server3

I also removed the foreach loop as it’s hurting your execution time. Since you already have the list of servers, if you pass that list directly to Invoke-Command it will run them in parallel. It also returns by default a PSComputerName so we just inserted that to the caclulated servername property. If this is not the output you expected, please try to clarify what you wanted to end up with.

[Author]

Posts