WinEvent Triggers

Welcome Forums General PowerShell Q&A WinEvent Triggers

This topic contains 1 reply, has 2 voices, and was last updated by

 
Keymaster
1 year ago.

  • Author
    Posts
  • #83278

    Participant
    Points: 1
    Rank: Member

    I am forwarding events from 2 servers. Then querying the event ID on the collector

    Get-WinEvent @{ LogName = 'ForwardedEvents'; ID = 3101 }|sort TimeCreated -Descending | Select -First 1 -Unique

    It works but now people are sending multiple jobs for the same event ID 3101 3 or 4 jobs are hitting the collector at the same time. I pick up on the event and run a scheduled task and script to set VM settings in VMM but it's only catching the -First event. In task scheduler there is a setting to queue or run in parallel scheduled tasks but they don't work.

    Can someone offer some other ways?

  • #83279

    Keymaster
    Points: 1,638
    Helping HandTeam Member
    Rank: Community Hero

    When you're doing message queuing – which is basically what this is – you usually have to track the time stamp of the last event you received. On the next query, you grab everything that's been posted since then, and then update your time stamp. So on each query, you're potentially getting zero or more events – you then enumerate them and do whatever you're doing with them. You could write the “time stamp of the last event I got” to a text file or something, so you can read it back in each time.

The topic ‘WinEvent Triggers’ is closed to new replies.