Attempting to get the Date and Time of Source Winlogon from Event Viewer for timing purposes, and this is what I currently have. I'm not the best at PowerShell scripting, but hopefully I was close enough that it's a simple fix. Please help! I've also referenced this, but to no avail.
$LogSettingsEvent = "Winlogin"
$refDate = (Get-Date).Adddays(0)
Get-WinEvent $LogSettingsEvent -InformationAction | Where-Object
{$_.LastWriteTime -gt $refDate}
The best way I have found to filter event logs is using `-FilterHashtable`.
Example (5 days of logs):
$LogSettingsEvent = "WinLogs"
[hashtable]$filter = @{}
$filter.Add('LogName', $LogSettingsEvent)
#add start time (5 days ago)
$start = (Get-Date).AddDays(-5)
$filter.Add('StartTime', $start)
#must have an endtime with start time (make it today)
$end = Get-Date
$filter.Add('EndTime', $end)
#Get the logs:
$systemLogs = Get-WinEvent -FilterHashtable $filter
#display it
$systemLogs
Related
I am trying to do a simple ticket/incident file export using PowerShell. All of our tickets go into the Service manager 2019 Console.
What I am trying to do is be able to filter and export our tickets using certain date range. Our senior system engineer was able to help me get started and I am trying to figure out the best way to do this. So this is what he sent me:
____________________________________________
you always want to filter / where as far left as possible to reduce processing overhead
also Tab is your friend when typing cmdlets - usually something like
Get-SCSMIncident -<Tab>
and it will show you your options
or Get-SCSMIncident -Help
you can also use Where-Object to filter once you have the correct subitems
Get-SCSMIncident | Where-Object {$_.Status -eq "Active"}
because you're doing the filter AFTER Get-SCSMIncident, it's going to find ALL incidents in the background, THEN filter them (slow/bad)
____________________________________________
So I tried a few things. He suggested to do the following below, create variables, store them and pull the data later.
$allincidents = Get-SCSMIncident
$resolved = $allincidents | Where-Object {$_.Status -eq "Resolved"}
$active = $allincidents | Where-Object {$_.Status -eq "Active"}
Then I would export the info such as below to a csv file
$active | export-csv c:\temp\scsm_incidents.csv -nti
The issue is that when I execute it, the initial storing of the variables is taking too long, because we have obviously thousands and thousands of tickets.
I then thought what if I did the following below
Create the date variables first and store them.
$startDate = Get-Date -Year 2022 -Month 1 -Day 1
$endDate = Get-Date -Year 2022 -Month 2 -Day 2
Get-SCSMIncident | Where-Object {($_.createddate.date -le $endDate) -and ($_.createddate.date -ge $startDate)} | Export-Csv C:\Temp\SCSM-tickets.csv -nti
And given the logic that my Senior Engineer told me, it is going through all the tickets first because of the Get-SCSMIncident and then filtering and then storing into a csv file.
So my question is: is there a way to sort of go backwards? I know computer language wise it wouldn't make sense because it doesn't know what object it is being pointed to.
Like for example
Where-Object {($_.createddate.date -le $endDate) -and ($_.createddate.date -ge $startDate)} | Get-SCSMIncident | Export-Csv C:\Temp\SCSM-tickets.csv -nti
The end result is that I want to be able to pull data on a weekly basis using just a date range, without having to run through all the tickets every time. Since new tickets are being generated every day, each time I run through it, it will take longer and longer and longer. I am by no means an expert with PowerShell at all and am looking for any insight on exporting data files much simpler or faster. If anyone has any ideas I would greatly appreciate it.
FYI I know I can pull each ticket at a time, our naming scheme used is INC##### so for example to pull any ticket
Get-SCSMIncident -id "INC10105"
This would pull up this one ticket in powershell.
I don't know all the powershell commands and searching through the library is confusing
If anyone knows a way of how to do something like this pulling tickets in sets that would be helpful.
Get-SCSMIncident -id "INC00001" TO -id "INC00500" | Export-Csv C:\Temp\SCSM-tickets.csv -nti
Or even pulling data by date.
Apologies for the super long post. Also if anyone knows how to export tickets in Service Manager Console please let me know too!!! I searched everywhere and it seems like I can't export anything.
As stated in my comments, unless the cmdlet Get-SCSMIncident has filtering by DateTime range capabilities, it is unlikely that there is a way around having to go through all the collection. However, there are ways the code could be improved so it can do the filtering faster. A foreach loop (enumeration) in addition to an if condition (filtering condition) is much faster than Where-Object.
$startDate = Get-Date -Year 2022 -Month 1 -Day 1
$endDate = Get-Date -Year 2022 -Month 2 -Day 2
$incs = foreach($inc in Get-SCSMIncident)
{
    if($inc.CreatedDate -gt $endDate -or $inc.CreatedDate -lt $startDate)
    {
        # If the Incident's CreatedDate is greater than `$endDate` OR
        # lower than `$startDate` go to the next Incident.
        # In other words, skip this Incident.
        continue
    }
    [pscustomobject]@{
        ID           = $inc.ID
        Status       = $inc.Status
        Title        = $inc.Title
        Description  = $inc.Description -replace '\r?\n', ' '
        AffectedUser = $inc.AffectedUser
        AssignedTo   = $inc.AssignedTo
        CreatedDate  = $inc.CreatedDate
        TierQueue    = $inc.TierQueue
        Urgency      = $inc.Urgency
        Priority     = $inc.Priority
    }
}
$incs | Export-Csv path/to/exported.csv -NoTypeInformation
In one of my scripts it is generating nearly 100 of lines, while I only need the ones within 15 minutes from running the script.
I did find a script: How to search a pattern in last 10 minutes of log using a powershell script
I changed it and got this:
Get-Content .\Downloads\data.txt |
ForEach-Object {$threshold = (Get-Date).AddMinutes(-130).ToString("yyyy-MM-ddTHH:mm:ssZ")}{
if($_ -match "^(?<timestamp>(\d{4}-){2}\d{2}T(\d{2}:){2}\d{2})Z.*$")
{
if((Get-Date $Matches.timestamp).ToString("yyyy-MM-ddTHH:mm:ssZ") -gt $threshold)
{
$_
}
}
}
Where I am able to only show the times within these 15 minutes.
However, as you may see on the script pasted above, the time format in my csv file is not in the correct format. The format they used on the linked page is "dd/MM/yyyy hh:mm:ss", my time format is "yyyy-MM-ddThh:mm:ssZ" here is an example: "2020-06-04T11:39:01Z"
I have changed the "Get-Date" to show in the correct format, but what I'm struggling with is the 3rd line.
if($_ -match "^(?<timestamp>(\d{4}-){2}\d{2}T(\d{2}:){2}\d{2})Z.*$")
I'm not really sure how to go around this, I have tried moving around the code and more.
Some help would be appreciated and if you know a better way to do this, let me know.
Found out how I could do it!
$WebResponse = Invoke-WebRequest "<link>" | ConvertFrom-Json | Select-Object -expandproperty Links | Sort-Object -property TimestampUtcFromDevice -Descending
$TimeSpan = New-TimeSpan -start (Get-Date).AddMinutes(-15) -end ($WebResponse | Select-Object -expandproperty TimestampUtcFromDevice -first 1)
$WebResponse | Select-Object -First ($Timespan.Minutes) | export-Csv "$FilePath\$FQFL" -NoTypeInformation -delimiter "$delimiter"
Pain in the ass but I got it!
The first takes the json from the website, expands a property and sorts it.
Then I find how many minutes there are from the latest code and 15 minutes back in time. A great thing I found out from one of the responses was that Get-Date knows the time zone.
The last one selects only the first entries based on the minutes from the last cmdlet, and exports it in a csv file.
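For the line-based approach in the question above, one way to keep only lines whose leading `yyyy-MM-ddTHH:mm:ssZ` timestamp falls inside the window is to parse it as UTC and compare DateTime values instead of formatted strings. This is an added example, not code from the original post; the function name `Select-RecentLine`, its parameters and the sample lines are constructed for illustration.

```powershell
# Added example: keep log lines stamped within the last N minutes (UTC).
function Select-RecentLine {
    param(
        [Parameter(ValueFromPipeline)][string]$Line,
        [int]$Minutes = 15,
        [datetime]$NowUtc = [datetime]::UtcNow
    )
    begin {
        $threshold = $NowUtc.AddMinutes(-$Minutes)
        # The trailing Z means UTC: parse as universal and keep it universal,
        # otherwise .NET converts the value to local time.
        $styles  = [Globalization.DateTimeStyles]::AssumeUniversal -bor
                   [Globalization.DateTimeStyles]::AdjustToUniversal
        $culture = [Globalization.CultureInfo]::InvariantCulture
    }
    process {
        # Lines without a leading timestamp are skipped, not treated as errors.
        if ($Line -notmatch '^(?<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z') { return }
        $ts = [datetime]::MinValue
        $ok = [datetime]::TryParseExact($Matches.ts, 'yyyy-MM-ddTHH:mm:ss',
                                        $culture, $styles, [ref]$ts)
        # Rejects impossible dates (e.g. month 13) and anything outside the window.
        if ($ok -and $ts -ge $threshold -and $ts -le $NowUtc) { $Line }
    }
}

# Constructed sample input and a fixed "now" so the result is repeatable.
$now = [datetime]::new(2020, 6, 4, 11, 45, 0, [DateTimeKind]::Utc)
$sample = @(
    '2020-06-04T11:10:00Z device=B status=ok'    # older than 15 minutes
    '2020-06-04T11:39:01Z device=A status=ok'    # inside the window
    'line without a timestamp'                   # ignored
    '2020-13-04T11:40:00Z device=C status=ok'    # invalid month, ignored
    '2020-06-04T11:44:59Z device=A status=fail'  # inside the window
)
$sample | Select-RecentLine -Minutes 15 -NowUtc $now
```

Against a real file, pipe `Get-Content` into the function and omit `-NowUtc` so the current UTC time is used.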
Noob question.
I have a csv file with the following format
2019-04-18 08:29:47,ACE001P,QL.IN.XCENTER.ERECEIPT.FACADE,2
The date and time stamp goes back almost a month. Now I only want data for the last day's date, means 1 day old data. I am using below code, but it gives me no output.
$Data = Import-CSV "E:\Chayan\QL.IN.XCENTER.ERECEIPT.FACADE_ACE001P_1.csv"
$CutoffDate = (Get-Date).AddDays(-30)
$Data | Where-Object {$_.Date -as [datetime] -lt $CutoffDate} | Out-File .\QL.IN.XCENTER.ERECEIPT.FACADE_ACE001P_2.csv
I know I am doing something extremely stupid. Just need a way to make this work.
In order to use Import-Csv effectively, you need headers in your data. I used the -Header switch and added made up headers that include Date. Feel free to change those. It can be omitted entirely if your file already has headers.
$Data = Import-CSV "E:\Chayan\QL.IN.XCENTER.ERECEIPT.FACADE_ACE001P_1.csv" -Header "Date","Col2","Col3","Col4"
$CutoffDate = (Get-Date).AddDays(-30)
$Data | Where-Object {$_.Date -as [datetime] -gt $CutoffDate} |
Export-Csv -Path ".\QL.IN.XCENTER.ERECEIPT.FACADE_ACE001P_2.csv" -NoTypeInformation
I switched the -lt to -gt because you are giving the low end of the date range. This means you need to find a date greater than that, i.e. today is greater than yesterday.
I left .AddDays(-30) as your date starter even though the post says you want one day old data. That should be changed to .AddDays(-1) or .AddHours(-24) if you really want data within the last day.
I am trying to pull out some information from the eventlog through PowerShell based on the date today.
So far I have the code below:
$today = (Get-Date).ToString("dd/MM/yyyy")
Get-EventLog Security | where {$_.EventID -eq 4624} | where {$_.TimeGenerated -eq $today}
Now I have printed the result of today and can confirm that the outputted date is 04/12/2017, I have also printed the date of the TimeGenerated attribute from the EventID object and that also shows the date in the same format.
Any ideas on where I am going wrong?
The TimeGenerated property holds a DateTime value, not a string, so don't compare it to a date string. Also, you should filter via Get-EventLog parameters whenever possible, because that filtering happens at the source. This is particularly relevant when querying remote eventlogs to reduce the amount of data that is transmitted over the network.
$today = (Get-Date).Date
$tomorrow = $today.AddDays(1)
Get-EventLog -LogName Security -InstanceId 4624 -After $today -Before $tomorrow
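The same source-side filtering with `Get-WinEvent -FilterHashtable`, as an added example that is not part of the original answers: it pulls today's 4624 events and flattens the fields usually needed when reviewing logons. The function name `Get-LogonEvent` and the output file name are hypothetical, and reading the Security log is assumed to happen in an elevated session.

```powershell
# Added example: today's successful logons (event ID 4624), filtered at the source.
function Get-LogonEvent {
    param(
        [datetime]$Start = (Get-Date).Date,             # midnight today
        [datetime]$End   = (Get-Date).Date.AddDays(1)   # midnight tomorrow
    )
    # Log name, event ID and time window are evaluated by the event log service,
    # so only matching records are handed back to PowerShell.
    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = $Start
        EndTime   = $End
    }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent reports "no matching events" as an error; treat it as empty.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw   # access denied, unknown log name, etc. should stay visible
    }
    foreach ($ev in $events) {
        # EventData is a list of <Data Name="..."> elements; index them by name.
        $data = @{}
        foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            TimeCreated = $ev.TimeCreated               # a DateTime, not a string
            User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType   = [int]$data['LogonType']
            SourceIp    = $data['IpAddress']
            Workstation = $data['WorkstationName']
        }
    }
}

# LogonType lives inside the event data, so it is filtered after retrieval:
# 2 = interactive, 10 = remote interactive (RDP).
Get-LogonEvent |
    Where-Object { $_.LogonType -in 2, 10 } |
    Sort-Object TimeCreated |
    Export-Csv -Path .\logons-today.csv -NoTypeInformation
```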
I created this script
$VarDay = (Get-Date).day
$VarMonth = (Get-Date).month
get-messagetrackinglog -Recipients:haavarot-from@my-domain.co.il -EventID "FAIL" -Start "09/20/14" -End "09/23/14" | export-csv c:\MailboxStatistics-$VarMonth-$VarDay.csv -encoding "utf8"
to create a CSV file, named with the date, for FAIL mails from a mailbox.
It works fine,
but the only problem is I can't find a way to make it run daily with no need to edit the dates in the PS code.
I want to set it to auto-run at 22:00 every day and make the log for the same day only, for 7 days.
On the 8th day I want it to delete the old one and create a new one.
I need to save only the last 7 days.
Any idea?
-Start and -End accept [System.DateTime], so you can just use Get-Date and play with the days using AddDays()
Straight from MSDN. You could do something like this
$endDate = Get-Date # This is today
$startDate = (Get-Date).AddDays(-7) # This is 7 days ago
If you would feel more comfortable with just the date and drop the time you can use the .ToString() method to format the time. Note that the datetime object would be lost as this returns a string.
$endDate = (Get-Date).ToString("MM/dd/yy")
$startDate = ((Get-Date).AddDays(-7)).ToString("MM/dd/yy")
More information on formatting dates can be found here