Questions tagged [get-winevent]

Get-WinEvent is a PowerShell cmdlet that gets the events in an event log, or a list of the event logs, on the local or remote computers.

74 questions
0
votes
1 answer

Replacement Strings Not Showing Up In Events From Get-WinEvent

I'm using PowerShell to look at event logs using Get-WinEvent. For some reason, the ReplacementStrings attribute of the events won't show up for me. I'm very stumped on this because it seems to show up for everyone else on the internet. It will show…
0
votes
1 answer

Getting Number of Events in EventLog via Powershell

My goal is to get the amount of EventLog Entries of a specific Log with a small PowerShell script. The amount should be converted to a variable. Now I am at a point that I really don't know how to accomplish this. Can you help? Maybe there is an…
0
votes
2 answers

Powershell - Get-WinEvent - send email with message from Event

I am new to PowerShell. I want to get the events from Task Scheduler/Operational with code of failure, and send an email with all events in the body. # Get all events from yesterday with ID=103 and Text, put in table and send email # Get the…
rabocii
  • 3
  • 2
0
votes
0 answers

How to FilterHashtable with multi condition

Need help to filter eventID and processName to get Windows event via PowerShell. I'm using "get-winevent -FilterHashtable @{Logname='Security';ID=4688 ; 'ParentProcessName'='OAW' ", It doesn't work. I need ID=4688 and ProcessName='OAW' ProcessName is…
big0
  • 11
  • 2
0
votes
0 answers

How to get a part of the string as the output from an eventlog full message using PowerShell?

I am trying to extract some part of the message from the event log output. I ran the below command: $filterXml = ‘ ’ $event =…
0
votes
1 answer

PowerShell: Get-Winevent doesn't work with multiple objects in foreach loop

I enabled the audit event group policy and then I added my test account to Groupname11. When I try to run this without the other group names commented out I don't get anything from $Events. I don't understand what I am doing wrong? $Groups = @( …
BeckaPecka
  • 47
  • 7
0
votes
1 answer

I am trying to get event logs from multiple servers but getting an error

When I have 1 computer in $ComputerName it works, but when I add another computer name it gives an error. [Code & Error][1] Sorry about that. Following is the code: $ComputerName = 'Server1','Server2' ForEach($Computer in $ComputerName){ $Info =…
0
votes
1 answer

How to include ProviderName in the command that gets event logs in the past ten hours

$A = @{} $A.Add("StartTime", ((Get-Date).AddHours(-10))) $A.Add("EndTime", (Get-Date)) $A.Add("LogName", "System") (Get-WinEvent -FilterHashtable $A|Select TimeCreated, ProviderName, Message|FL) The above commands will get all "System" event logs…
Matthew Wai
  • 962
  • 7
  • 14
0
votes
0 answers

Get-WinEvent output is truncated

I want to get the records from the Event file but it keeps truncating the messages. Get-WinEvent -LogName 'Microsoft-AppV-Client/Admin' -MaxEvents 5 TimeCreated Id LevelDisplayName Message 10/21/2021 2:29:20 PM 19102…
ornerygoat
  • 13
  • 5
0
votes
1 answer

WinEvent Telling the different objects apart?

I’m listening to global win events for cases such as object destroyed, hidden, shown, created etc… However I’d like to do certain things based on what that handle (HWND) is. For example did a button just get hidden or destroyed or did a window? Was…
Nonlin
  • 550
  • 1
  • 6
  • 18
0
votes
2 answers

Get-WinEvent with match TimeCreated

I'm looking for an idea how to check the whole Windows log for an event matching a particular date, e.g.: At the moment stopped on "System" log :( Get-WinEvent System | where {$_.TimeCreated -eq "24.03.2021 20:50:37"} but the results show me nothing. I want to use…
Curl User
  • 115
  • 1
  • 3
  • 12
0
votes
2 answers

Query to ignore certain event IDs coming from a particular source using Get-WinEvent

I am trying to retrieve some information related to errors and warnings from an archived event log file, using the below query to ignore certain event IDs, but the need is to ignore those event IDs from a particular source only. Below query makes ia m…
Deepak
  • 47
  • 4
0
votes
0 answers

Get-WinEvent - Both Interactive Logon and Logoff Event ID Messages Only

I am newish to PowerShell so still learning. I am wanting to combine the two working commands below into one so the Out-File log will be combined with both the Users Interactive Logon and Logoff Security Event history ID's. Name of the log file does…
0
votes
2 answers

op_Subtraction error when creating a custom psobject, despite desired results retrieved

Looking for info on the below piece of code; it actually does what's expected of it. It retrieves the time duration of the 'CreateTimesheets' task for the past 7 days. However, it finishes with an error message. Get-WinEvent -FilterHashtable @{ …
mcgovec9
  • 71
  • 7
0
votes
1 answer

get-winevent: changing format file to groupby logname has no effect

I want to change the default output of get-winevent to look like this in powershell 5.1, so the header says the LogName instead of ProviderName. get-winevent application -MaxEvents 1 LogName: Application TimeCreated Id…
js2010
  • 23,033
  • 6
  • 64
  • 66