Log search working in Windows 7 but not in Windows 10

    • #167428
      Participant

      Windows 7 x64   PSVersion 5.1.1.14409.1018 – below runs with no issues

      $cmp = 'localhost'
      
      $time = (Get-Date) - (new-timeSpan -day 2)
      
      $events = Get-WinEvent -cn $cmp -FilterHashtable @{ logname = '*'; level = 1, 2, 3, 4; starttime = $time }
      

      Windows 10 x 64 PSVersion 5.1.16299.1146 – the above won’t run, I am missing something here –

      Get-WinEvent : The data is invalid
      At line:7 char:11
      + $events = Get-WinEvent -cn $cmp -FilterHashtable @{ logname = '*'; le ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : NotSpecified: (:) [Get-WinEvent], EventLogInvalidDataException
      + FullyQualifiedErrorId : The data is invalid,Microsoft.PowerShell.Commands.GetWinEventCommand
      

      It appears the filtering can no longer deal with the logname=’*’

      Appreciate any pointers

    • #167446
      Senior Moderator

      Yup, it doesn’t accept * in Win 7

    • #167584
      Participant

      I have knocked this together – it seems to be doing the trick – I’ll refine and push on – cheers

      $cmp = 'localhost'

      $time = (Get-Date) - (new-timeSpan -hour 1)

      $Events=Get-WinEvent -filterhashtable @{Logname = ($LogName=(Get-WinEvent -ListLog * -ComputerName $cmp| where {$_.recordcount -gt 0} | Select-Object -ExpandProperty LogName)); starttime = $time}

      $Events | select-object -property TimeCreated, Providername, LogName, ID, Message | Sort-Object -Property TimeCreated -Descending | Export-Csv "c:\temp\$cmp.csv"

    • #168622
      Participant

      Just posting what I am now using on W10-1709 – seems to work well and plenty of scope to refine the details returned

      # $cmp is the target computer, set as in the earlier posts
      $cmp = 'localhost'
      $time = (Get-Date) - (new-timeSpan -hour 5)
      $EventLogNames = (Get-WinEvent -ListLog * -ComputerName $cmp | where { $_.recordcount -gt 0 } | select-object -ExpandProperty LogName)

      Get-WinEvent -FilterHashtable @{ LogName = $EventLogNames; starttime = $time } -ComputerName $cmp |
      select-object -property TimeCreated, Providername, LogName, ID, @{ n = "Error Level"; e = { switch ($_.level) { "1"{ "Critical" } "2"{ "Error" } "3"{ "Warning" } "4"{ "Information" } } } }, @{ n = "Message"; e = { ($_.message).trim() } } |
      Sort-Object -Property TimeCreated -Descending
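
A batched variant of the approach in the posts above, as an added example that is not part of the original thread. It assumes the "The data is invalid" error comes from the Windows Event Log API limit of 256 logs per query, so it splits the non-empty log names into batches; the function name `Get-RecentEventsBatched` and the batch size of 200 are hypothetical choices.

```powershell
# Added example (not from the thread): query every non-empty log in batches so
# each Get-WinEvent call stays under the per-query log limit (assumed: 256).
function Get-RecentEventsBatched {
    [CmdletBinding()]
    param(
        [string]$ComputerName = 'localhost',
        [timespan]$Lookback = (New-TimeSpan -Hours 5),
        [int[]]$Level = @(1, 2, 3, 4),          # Critical, Error, Warning, Information
        [ValidateRange(1, 256)]
        [int]$BatchSize = 200                   # assumption: comfortably below the limit
    )

    $start = (Get-Date) - $Lookback

    # Only logs that currently hold records, as in the thread's workaround.
    $logNames = @(Get-WinEvent -ListLog * -ComputerName $ComputerName -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 } |
        Select-Object -ExpandProperty LogName)

    for ($i = 0; $i -lt $logNames.Count; $i += $BatchSize) {
        $last   = [Math]::Min($i + $BatchSize, $logNames.Count) - 1
        $batch  = @($logNames[$i..$last])       # @() keeps a one-item batch an array
        $filter = @{ LogName = $batch; Level = $Level; StartTime = $start }
        try {
            Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            # A batch with no matching events is normal; warn about anything else
            # (for example access denied) instead of silently losing coverage.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                Write-Warning "Batch starting at '$($batch[0])' failed: $($_.Exception.Message)"
            }
        }
    }
}

Get-RecentEventsBatched -Lookback (New-TimeSpan -Hours 5) |
    Sort-Object -Property TimeCreated -Descending |
    Select-Object -Property TimeCreated, ProviderName, LogName, Id, LevelDisplayName, Message
```

A warning from a batch means those logs were not searched for the period, so treat it as a coverage gap rather than as "no events".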
