WinEvent Triggers

This topic contains 1 reply, has 2 voices, and was last updated by  Don Jones 2 weeks, 6 days ago.

  • #83278

    Chris
    Participant

    I am forwarding events from 2 servers, then querying the event ID on the collector:

    Get-WinEvent -FilterHashtable @{ LogName = 'ForwardedEvents'; ID = 3101 } | Sort-Object TimeCreated -Descending | Select-Object -First 1 -Unique

    It works, but now people are sending multiple jobs for the same event ID 3101; 3 or 4 jobs are hitting the collector at the same time. I pick up on the event and run a scheduled task and script to set VM settings in VMM, but it's only catching the -First event. In Task Scheduler there is a setting to queue or run scheduled tasks in parallel, but they don't work.

    Can someone offer some other ways?

  • #83279

    Don Jones
    Keymaster

    When you're doing message queuing – which is basically what this is – you usually have to track the time stamp of the last event you received. On the next query, you grab everything that's been posted since then, and then update your time stamp. So on each query, you're potentially getting zero or more events – you then enumerate them and do whatever you're doing with them. You could write the “time stamp of the last event I got” to a text file or something, so you can read it back in each time.
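
The time-stamp checkpoint described in the reply above, as an added example that is not part of the original thread. The checkpoint path, the one-hour first-run lookback, the mutex name and the `Invoke-EventHandler` placeholder are assumptions; the mutex makes the 3 or 4 simultaneously triggered task runs take turns, so each event is handled exactly once.

```powershell
# Added example: names, paths and the handler body are assumptions, not from the thread.
$CheckpointFile = 'C:\Scripts\event3101.checkpoint'   # hypothetical path
$Roundtrip      = [System.Globalization.DateTimeStyles]::RoundtripKind

function Invoke-EventHandler {
    param($Record)
    # Placeholder for the real work (for example, the script that sets VM settings in VMM).
    Write-Output ("Handling event from {0} at {1:o}" -f $Record.MachineName, $Record.TimeCreated)
}

# Serialize overlapping runs: each run waits its turn, then drains whatever is new.
$mutex = New-Object System.Threading.Mutex($false, 'Event3101Poller')
try {
    try { $null = $mutex.WaitOne() }
    catch [System.Threading.AbandonedMutexException] { }   # previous run died; we still own it

    # Read the time stamp of the last event handled (stored as UTC, round-trip format).
    $since = if (Test-Path $CheckpointFile) {
        [datetime]::Parse((Get-Content $CheckpointFile -Raw).Trim(),
                          [cultureinfo]::InvariantCulture, $Roundtrip)
    } else {
        [datetime]::UtcNow.AddHours(-1)   # assumption: first run looks back one hour
    }

    # StartTime is inclusive and truncated to milliseconds by the query, so the
    # strict -gt comparison drops the event that produced the checkpoint.
    $filter    = @{ LogName = 'ForwardedEvents'; ID = 3101; StartTime = $since }
    $newEvents = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.TimeCreated.ToUniversalTime() -gt $since } |
        Sort-Object TimeCreated            # oldest first: zero or more events

    foreach ($e in $newEvents) {
        Invoke-EventHandler -Record $e
        # Advance the checkpoint only after the event was handled, so a failure
        # part-way through the batch resumes at the first unhandled event.
        $e.TimeCreated.ToUniversalTime().ToString('o') | Set-Content $CheckpointFile
    }
}
finally {
    $mutex.ReleaseMutex()
    $mutex.Dispose()
}
```

`-ErrorAction SilentlyContinue` is there because `Get-WinEvent` reports an error, rather than returning nothing, when no events match the filter.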
