I need a query that returns the SourceName, Logfile, EventIdentifier, Type, NumberOfEvents from Win32_NTLogEvent where NumberOfEvents is the number of events that share common SourceName, LogFile and EventIdentifier (I am not sure about Type). I would like to use the query in a PowerShell script using Get-CimInstance.

Other solutions to the same problem that can be used in PowerShell are also much appreciated!

James Bond

1 Answer

Try the following:

$Logs = Get-WmiObject -class Win32_NTLogEvent -filter "(logfile='Application')"
Write-Host $logs

Of course, you can change the filter. If you prefer another "format" for the result, you can for example do something like:

$Logs | Format-Table EventCode, EventType, Message -auto

UPDATE: I just read your question again :) To do grouping just invoke:

$logs | Group-Object Type,LogFile,EventCode
Piotr Stapp
  • Thanks for your answer but the point of using a query is that the server does the job. On my Windows there are more than 100k events so this does make sense. Maybe I haven't made it clear that this Get-CimInstance is using a remote server. – James Bond Apr 07 '13 at 18:08
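
An added example, not part of the original question or answer, for the case raised in the comment: WQL data queries have no GROUP BY or COUNT(), so the counting cannot be expressed in the query itself, but it can be run on the server so that only the summary is returned. The host name `SERVER01`, the 7-day window and the `Application` log are assumptions, and PowerShell remoting (WinRM) to the server is assumed to be enabled.

```powershell
# Added example. 'SERVER01' is a placeholder host name (assumption).
$ComputerName = 'SERVER01'

$summarize = {
    param([int]$Days = 7)

    # Build a DMTF datetime string (UTC) for the WQL comparison.
    $utc   = (Get-Date).AddDays(-$Days).ToUniversalTime()
    $since = $utc.ToString("yyyyMMddHHmmss'.000000+000'")

    # The query can only narrow rows (-Filter) and columns (-Property);
    # the per-group count is computed by Group-Object afterwards.
    Get-CimInstance -ClassName Win32_NTLogEvent `
        -Filter "Logfile='Application' AND TimeGenerated >= '$since'" `
        -Property SourceName, Logfile, EventIdentifier, Type |
      Group-Object SourceName, Logfile, EventIdentifier, Type -NoElement |
      ForEach-Object {
          # Values holds the grouping keys in the order they were listed.
          [pscustomobject]@{
              SourceName      = $_.Values[0]
              Logfile         = $_.Values[1]
              EventIdentifier = $_.Values[2]
              Type            = $_.Values[3]
              NumberOfEvents  = $_.Count
          }
      }
}

# The script block executes on the server, so only the summary rows
# (one per SourceName/Logfile/EventIdentifier/Type) cross the network.
Invoke-Command -ComputerName $ComputerName -ScriptBlock $summarize -ArgumentList 7 |
    Sort-Object NumberOfEvents -Descending |
    Format-Table SourceName, Logfile, EventIdentifier, Type, NumberOfEvents -AutoSize
```

Without remoting, the same `Get-CimInstance` call with `-ComputerName` still limits what is transferred to the filtered rows and the four requested properties, but the grouping then happens on the client.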