How to display certain lines from a message?
Get-EventLog -LogName Application -EntryType Error -Newest 10 -Message "*3CXPhone.exe*" |
Format-Table -wrap
Specifically in my example, I want to display only 1,2 and 7,8 rows. How to do it?
See my example
Something like this should do it:
$lines = Get-EventLog -LogName Application -EntryType Error -Newest 10 -Message "*.exe*"
for($i=1;$i -lt 10;$i++){
switch ($i)
{
1 {$lines[$i]}
2 {$lines[$i]}
7 {$lines[$i]}
8 {$lines[$i]}
}
}
So basically you create an array $lines. And use a counter $i , to match the counter to the index of the array.
Get-EventLog -LogName Application -EntryType Error -Newest 10 -Message "*.exe*" | where {$_.Message -like '*.exe*'} | Format-Table -wrap
Related
I am trying to get the the last 10 events in the «EventLog» logs «Application», «Security» and «System» parallelly. I get an error with this message:
Get-EventLog : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'LogName'"
when running the script. The script works when running with only the logname "Application".
Get-Eventlog -Newest 10 -LogName "Application","Security","System"
"Application","Security","System" | ForEach-Object {
Get-Eventlog -Newest 10 -LogName $_
}
That will get you the 10 most recent events in each log. If you want the 10 most recent events of all three logs taken together, you will need to do this:
"Application","Security","System" | ForEach-Object {
Get-Eventlog -Newest 10 -LogName $_
} | Sort-Object -Property Time -Descending | Select-Object -First 10
You can't do it the way you are trying, as -LogName requires a string and you are passing an array.
You could accomplish your task by piping an array into a ForEach-Object and going through the logs one at a time. The %{} is an alias for ForEach-Object
"Application","Security","System" | %{Get-Eventlog -Newest 10 -LogName $_}
Get-eventlog has been replaced by get-winevent. You'd still have to use foreach to get 10 of each. Grouping by logname instead of providername might be less annoying.
echo Application,Security,System | % { get-winevent $_ -maxevents 10 } |
ft -groupby logname
I am extremely new to PowerShell I am trying to create a script that will look thought the system event log and pull out the items that match Error, Verbose , and Warnings; Then I want to export them to a CSV file.
I was able to get each of the variables created for the $errorlog, $verboselog, and $warninglog (shown below).
$errorlog = Get-EventLog system -Newest 200 | Where-Object {$_.entryType -Match 'Error'}
$verboselog = Get-EventLog system -Newest 200 | Where-Object {$_.entryType -Match 'Verbose'}
$warninglog = Get-EventLog system -Newest 200 | Where-Object {$_.entryType -Match 'Warning'}
When I go ahead and try export them to one CSV file it just displays the $errorlog. From what I have gather from various websites the command I am using should be working.
$errorlog,$verboselog,$waninglog | Export-CSV -inputobject -path 'C:\service\test.CSV'
It is tell me that is it missing '-inputobject' so I moved the variables around to look like the following.
Export-CSV -inputobject $errorlog,$verboselog,$warninglog -path 'C:\service\test.CSV'
It exported with out error but it didn't display the data I wanted in the file.
I thank you in advance for your help.
$errorlog = Get-EventLog system -Newest 200| Where-Object {$_.entryType -eq 'Error'}
$verboselog = Get-EventLog system -Newest 200| Where-Object {$_.entryType -eq 'Verbose'}
$warninglog = Get-EventLog system -Newest 200| Where-Object {$_.entryType -eq 'Warning'}
$errorlog+$verboselog+$warninglog | Export-Csv C:\service\test.CSV
I replaced the -match with -eq and dropped the inputobject switch. I also changed the commas to plus symbols to concantinate the results. This worked for me.
Is there a way to pull the most recent 3 error events from the System event log using Get-WMIObject and the win32_ntlogevent class?
$log = Get-WMIobject -ComputerName $server -Credential $cred -class win32_ntlogevent -filter "(logfile='system') AND (type='error')"
I know that Get-EventLog has a -Newest option but I don't see anything like that with WMI
Figured it out
$log | sort TimeGenerated | select -last 3
Don't use WMI for this. Your approach will retrieve all error events from the remote host (which could take quite some time), and then discard all but the latest 3 once you have everything on the local host. Use Get-EventLog and do the filtering at the source:
Get-EventLog -LogName 'System' -EntryType 'Error' -Newest 3
I don't think Wmi query supports limiting the results.
If you are desperate to use your command here is a most inefficient way of getting your expected output -
Get-WMIobject win32_ntlogevent -filter "(logfile='system') AND (type='error')" | select -first 3
Cheers,
G
Get-EventLog -LogName 'System' -EntryType 'Error' -Newest 3
WMI is the far more efficient way, and it returns the log name
$dt = $cdt = Get-Date;$CUmonth = (get-date).adddays(-30);$eventId = Get-EventLog -ComputerName $SystemlogFqdn -LogName 'System' -EntryType 'Error','Warning' -After $CUmonth;"GetMethod: $((New-TimeSpan $dt ($dt = get-date)).totalseconds)"
GetMethod: 163.585552
$dt = $cdt = Get-Date;PS C:\Users\User> $CUmonth = (get-date).adddays(-30);PS C:\Users\User> $eventID = Get-WmiObject Win32_NTLogEvent -ComputerName $SystemlogFqdn -filter "(logfile='system' AND Type <> 'Information' AND TimeWritten >= '$CUmonth')";PS C:\Users\User> "WMIMethod: $((New-TimeSpan $dt ($dt = get-date)).totalseconds)"
WMIMethod: 63.49941
I currently have the code below:
Get-EventLog -LogName Application
| Where-Object EventID -EQ 1033
| Select-Object EventID, Message
So my question is how can I just show the first 10 characters of the Message?
Use the substring method on your message property.
Get-EventLog -LogName Application | Select-Object EventID, #{Label='Message';Expression={$_.Message.Substring(0,10)}}
Just as a follow up:
Get-EventLog -LogName Application
| Where-Object EventID -EQ 1033
| Select-Object EventID, #{l="Message";e={$_.message.substring(0,10)}}
I have a report that gets generated by a script in powershell, it reports to me the event-logs of multiple servers. I didn't make the script, my former colleague did this. I'm new to powershell and just started to learn a bit about it.
I want to exclude a Citrix error event (EventID 110) that doesn't do any harm. (has to do with Session Reliability)
get-eventlog-log application-computername
$server -EntryType error-after $d |select eventid,machinename,entrytype, message, source, timegenerated | ConvertTo-Html
-Head $h -Title "Rapport Server eventlogs" | out-file -append $Report
get-eventlog -log application -computername $server -EntryType error -after $d |select eventid,machinename,entrytype, message, source, timegenerated| where {$_.eventid -ne 110} | ConvertTo-Html -Head $h -Title "Rapport Server eventlogs" | out-file -append $Report