Windows Command Line Powershell error: Missing closing ')' in expression

Question

I'm having trouble formatting this to run as a single command line.

powershell ("$today = [system.datetime](Get-Date); $startTime = $today.AddHours(-4); Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error';Data='internalProcess.exe';StartTime=$startTime;EndTime=$today}")

I'm seeing this error:

At line:1 char:38
+ ($today = [system.datetime](Get-Date); $startTime = $today.AddHours(- ...
+                                      ~
Missing closing ')' in expression.

I'm unclear what the issue is. When I run this in PowershellISE, it's just not finding processes on my laptop with that name.

In powershell ISE:

$today = [system.datetime](Get-Date); $startTime = $today.AddHours(-100); Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error';StartTime=$startTime;EndTime=$today}

Get-WinEvent : No events were found that match the specified selection criteria.
At K:\Cleary\BlobScans\69xxNotFoundEDCS\WinEvents.ps1:21 char:75
+ ... ours(-100); Get-WinEvent -FilterHashtable @{LogName='Application'; Pr ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
    + FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

I'm able to run the command without the date part on the device:

powershell ("Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error';Data='internalProcess.exe'}")

(no errors...it lists 3 Application Errors, dated 7/23/2022)

I tried changing the time to -130 hours in the powershell:

powershell ("$today = [system.datetime](Get-Date); $startTime = $today.AddHours(-4); Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error';Data='internalProcess.exe';StartTime=$startTime;EndTime=$today}")

I still see the same error:

At line:1 char:38
+ ($today = [system.datetime](Get-Date); $startTime = $today.AddHours(- ...
+                                      ~
Missing closing ')' in expression.

How do I format the line(s) to run at the windows command line so it doesn't think it's missing closing parenthesis?

May I ask why you're enclosing the string in parenthesis to begin with? Remove them. `PowerShell.exe -Command "..."` suffices. — Abraham Zinala, Jul 27 '22 at 16:32
I can't save it as a script because this is being run remotely on 1000's of devices to look for an issue. We run shell commands without saved scripts. It's being run in parenthesis because there are 4 other shell commands that are being run together. Each command is in parenthesis and joined by &. — Michele, Jul 27 '22 at 17:19
Then shouldn't the parenthesis be before powershell? Where you have them now puts them in powershell's syntax for it's command, and that is not the right syntax. — TheMadTechnician, Jul 27 '22 at 17:22
@TheMadTechnician - You're right, my powershell command was on the wrong side of the parenthesis. Thanks a lot! If you post it as an answer I'll accept it. — Michele, Jul 27 '22 at 17:28
I know this was solved, but curious, why cast `(Get-Date)` as `[DateTime]`? It already returns a `[DateTime]` object... — Keith Miller, Jul 27 '22 at 21:00
@KeithMiller - when I didn't cast Get-Date as datetime, it was giving me 12 as the time, so when I subtracted 4, it wasn't right. There was a point I was using .Date, so it could be I over-compensated when I removed that. — Michele, Jul 28 '22 at 19:08

score 1 · Accepted Answer · answered Jul 27 '22 at 17:37

The parenthesis placement needs to be before the call to run PowerShell.exe instead of after it. As it is PowerShell is interpreting it as part of the syntax, and that isn't right. You need cmd to read it as a grouping to run powershell with the specified command instead. Move the parenthesis before PowerShell to fix the syntax.

Windows Command Line Powershell error: Missing closing ')' in expression

1 Answers1