Trying to query archived event logs, not working but I do not see why

This topic contains 1 reply, has 1 voice, and was last updated by Kerry 2 weeks ago.

  • #102122

    Kerry
    Participant

    The error says that there are no matching events, but I know for a fact that there are. The error comes back way too fast for it to have actually searched. Is it the hashtable filter?

    PS C:\WINDOWS\system32>invoke-command -cn ( Get-ADComputer -filter * -searchBase "ou=Domain Controllers,dc=power,dc=corp" | Select-Object -expand Name ) -scriptblock { Get-WinEvent -FilterHashtable @{Path="C:\windows\system32\winevt\Logs\*Security*";id= '4720','4722','4738';StartTime="6/04/2018";EndTime="6/08/2018"} | Export-CSV c:\Users\62_admin\Desktop\resultJC.csv}

    No events were found that match the specified selection criteria.
    + CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
    + PSComputerName : DCWS01

    No events were found that match the specified selection criteria.
    + CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
    + PSComputerName : DCMP01

