Trying to query archived event logs, not working but I do not see why

  • #102122

    The error says that there are no matching events, but I know for a fact that there are. The error comes back way too fast for it to have actually searched. Is it the hashtable filter?

    PS C:\WINDOWS\system32>invoke-command -cn ( Get-ADComputer -filter * -searchBase "ou=Domain Controllers,dc=power,dc=corp" | Select-Object -expand Name ) -scriptblock { Get-WinEvent -FilterHashtable @{Path="C:\windows\system32\winevt\Logs\*Security*";id= '4720','4722','4738';StartTime="6/04/2018";EndTime="6/08/2018"} | Export-CSV c:\Users\62_admin\Desktop\resultJC.csv}

    No events were found that match the specified selection criteria.
    + CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
    + PSComputerName : DCWS01

    No events were found that match the specified selection criteria.
    + CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
    + PSComputerName : DCMP01
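
Added example, not part of the original post: one way to narrow this down is to resolve the log files explicitly on each domain controller, query every file on its own, and export on the calling machine. The OU, log folder, file pattern, event IDs and date range are taken from the post; `$outFile` and the `SourceFile` column are assumptions made for illustration.

```powershell
# Added example (not the poster's code). $outFile is an assumed local path.
$outFile = 'C:\Temp\resultJC.csv'

$dcs = Get-ADComputer -Filter * -SearchBase 'ou=Domain Controllers,dc=power,dc=corp' |
    Select-Object -ExpandProperty Name

$results = Invoke-Command -ComputerName $dcs -ScriptBlock {
    $logDir = 'C:\Windows\System32\winevt\Logs'

    # Resolve the wildcard ourselves so it is visible which files get searched.
    $files = Get-ChildItem -Path $logDir -Filter '*Security*.evtx' -ErrorAction SilentlyContinue
    if (-not $files) {
        Write-Warning "$($env:COMPUTERNAME): no file matches *Security*.evtx in $logDir"
        return
    }

    foreach ($file in $files) {
        $filter = @{
            Path      = $file.FullName          # one concrete .evtx file per query
            Id        = 4720, 4722, 4738        # event IDs from the post
            StartTime = [datetime]'2018-06-04'  # explicit, culture-independent dates
            EndTime   = [datetime]'2018-06-08'
        }

        # A file without matches raises a non-terminating NoMatchingEventsFound error.
        # Suppress it per file so an empty file does not mask hits in another one.
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, MachineName,
                @{ Name = 'SourceFile'; Expression = { $file.Name } },
                Message
    }
}

# Export on the calling machine; inside -ScriptBlock the CSV would be written on each DC.
$results | Sort-Object TimeCreated | Export-Csv -Path $outFile -NoTypeInformation

# Per-DC, per-file hit counts show which logs actually contained matching events.
$results | Group-Object PSComputerName, SourceFile | Select-Object Count, Name
```

A warning from a domain controller means the file pattern matched nothing there; an empty count table means the files were searched and held no events with those IDs in that date range.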
