
I'm trying to extract some records from the Windows System Log with PowerShell 7 using "get-winevent".

I'm getting different errors depending on the many variations of my command I've run, using various posts as guides.

Note: $tm below is a concatenation of the date and time in UTC (2023-08-11T02:00:00.000Z)

Command:

PS C:\Users\~salcicct> get-winevent -LogName System -FilterXPath *[System[Provider[@Name='User32' or @Name='Microsoft-Windows-WindowsUpdateClient'] and (Level=1 or Level=4 or Level=0) and TimeCreated[@SystemTime -ge $tm]]]

Returns: Level=1: The term 'Level=1' is not recognized as a name of a cmdlet, function, script file, or executable program. Or I get "Get-WinEvent: The specified query is invalid."

If I use single or double quotes for Level = '1', etc. it fails.

And if I take out the whole "level" business, it starts complaining about "and".

Can anyone help me with the correct syntax?

I have tried many variations of the syntax based on different articles/posts to which I have been referring. I am running the command in an elevated shell.
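The query from the question, written so that it parses, as an added example that is not part of the original post. The XPath is passed as a single quoted string, so PowerShell does not try to run `(Level=1 ...)` as a command, and the time comparison uses the XPath operator `>=` rather than PowerShell's `-ge`. `New-SystemLogXPath` and its parameter names are hypothetical, chosen for illustration.

```powershell
# Added example: helper and parameter names are illustrative, not from the post.
function New-SystemLogXPath {
    param(
        [Parameter(Mandatory)] [string[]] $Provider,
        [Parameter(Mandatory)] [int[]]    $Level,
        [Parameter(Mandatory)] [datetime] $Since
    )
    # Event log XPath compares with =, !=, <, <=, >, >= ; -ge is PowerShell-only.
    # SystemTime is UTC, so normalise and format culture-independently.
    $tm = $Since.ToUniversalTime().ToString(
        'yyyy-MM-ddTHH:mm:ss.fffZ', [cultureinfo]::InvariantCulture)

    $providers = ($Provider | ForEach-Object { "@Name='$_'" }) -join ' or '
    $levels    = ($Level    | ForEach-Object { "Level=$_" })   -join ' or '

    # Returned as ONE string; the caller passes it to -FilterXPath as a variable
    # (or a quoted literal), never as bare unquoted text on the command line.
    "*[System[Provider[$providers] and ($levels) and TimeCreated[@SystemTime>='$tm']]]"
}

$xpath = New-SystemLogXPath `
    -Provider 'User32', 'Microsoft-Windows-WindowsUpdateClient' `
    -Level 1, 4, 0 `
    -Since ([datetime]'2023-08-11T02:00:00Z')

# Show the exact filter sent to the event log service.
$xpath

try {
    Get-WinEvent -LogName System -FilterXPath $xpath -ErrorAction Stop |
        Select-Object TimeCreated, ProviderName, Id, LevelDisplayName
}
catch {
    # Get-WinEvent raises an error when nothing matches; treat that as empty.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        'No matching events.'
    }
    else {
        throw
    }
}
```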
