Questions tagged [get-winevent]

Get-WinEvent is a PowerShell cmdlet that gets the events in an event log, or a list of the event logs, on the local or remote computers.

74 questions
0
votes
1 answer

Export errors and warnings from all event logs using powershell

I am using the following code to export errors and warnings from all event logs into one text file. It works but is very slow and some of the messages are truncated. I wondered if there was a more efficient way of coding it. I'm new to PowerShell so…
0
votes
1 answer

Get-WinEvent Script

I have a powershell script which is working as expected. I need some help with formatting the output. $Date = (Get-Date).AddDays(-1) Get-ChildItem –Path "D:\Log\" -Recurse | Where-Object {($_.LastWriteTime -lt $Date)} | Remove-Item $filter =…
Arnab
  • 7
  • 5
0
votes
1 answer

powershell Win-GetEvent -MaxEvents

Trying to assemble a PS query into EventLog, and playing with the MaxEvents limit. It prints zero lines if "MaxEvents" is 1, and it prints a header line and one event when MaxEvents is 2. Is this correct behaviour, or am I missing something? powershell.exe…
user2956477
  • 1,208
  • 9
  • 17
0
votes
2 answers

How to Filter EventLog to get one log per a day - PowerShell

I wrote a PowerShell script to get where a specific user was logged on. But I want to get only one result per day. The script is working perfectly, but gives a lot of results per day. Here is my script: $StartDate = Get-Date -Year 2019 -Month 12 -Day 01…
0
votes
0 answers

Wrong data type used for parsing 'Task' value of a windows event in powershell

I have defined some windows events which I register to event viewer with an event manifest file. But when I get the events from my provider by invoking powershell command (Get-WinEvent -ListProvider MyProvider).Events I noticed that the task values…
Shuting
  • 1
  • 2
0
votes
1 answer

Get start end time of specific task in event log

Hey, I am trying to get the start and finish time of a scheduled task in the event log. I followed the steps here: Task Scheduler - get history information into script variables. But I cannot figure out how to modify it to get just the info from one…
synking
  • 13
  • 4
0
votes
1 answer

Unable to use date variable

I'm still quite new with PowerShell, and what I do right now if I have some requirements, I will search the web and modify the code to what I need. Right now, I am trying to extract RDP user logins from our servers. I have managed to get some codes,…
Roose
  • 1
  • 1
0
votes
1 answer

get-winevent -filterxpath vs select-xml

I'm trying to understand xpath better by trying the same thing in both select-xml and Get-WinEvent. But some Get-WinEvent patterns don't seem to work in Select-Xml. I get: expression must evaluate to a node-set It works if I put "|" instead of…
js2010
  • 23,033
  • 6
  • 64
  • 66
0
votes
1 answer

Retrieve last logon user and login time of remote computer

I have the following code. I don't see any property of Win-Event that holds the name of the user that logged in except for the "Account Name" in the "Message" property. How can I extract only the "Account Name" part of the "Message"…
Cole
  • 183
  • 2
  • 5
  • 13
0
votes
1 answer

Export Windows Logs with Precise Time

I am attempting to export Windows logs using the Get-WinEvent Powershell cmdlet. The following will get me the time precision I am looking for, but this only gets me the timestamp. I need to join the timestamp to other columns that include the…
0
votes
1 answer

powershell filterhashtable credential

I'm having issues adding credentials to my code string. The purpose of this is to pull multiple logs from a single machine and print out the logs in order of time. For some reason I can never get the get-winevent command to work once I add…
0
votes
0 answers

How can I know who renamed a specific group in active directory?

In my environment, someone renamed the "Group name" of an active directory global security group. (I refer here to the attribute sAMAccountName, not the display name) I'd like to know who did so and I can't manage to get it done by PowerShell using…
0
votes
2 answers

How to return filtered event log entries for TaskDisplayName = 'Boot Performance Monitoring' using Get-WinEvent in PowerShell

The following code works to return the Windows Log events with ID = 100. $Date = (Get-Date).AddDays(-30) Get-WinEvent -FilterHashTable @{ LogName = "Microsoft-Windows-Diagnostics-Performance/Operational"; StartTime = $Date; ID = 100 } -MaxEvents 1 |…
runamuk0
  • 784
  • 1
  • 7
  • 20
0
votes
1 answer

Powershell - Get-WinEvent Replace Text

I have a large script which looks at certain event logs. Part of it is the following command: Get-EventLog -ComputerName $computer -InstanceId 4625 -LogName Security -After $date -ErrorAction Stop | Select TimeWritten,@{n='Reason for…
ryanmaddock
  • 134
  • 1
  • 2
  • 15
0
votes
2 answers

PowerShell vs CMD same command having different results

The following command for a Get-WinEvent command works: PowerShell: Get-WinEvent -FilterHashtable @{Logname=’application’;StartTime="2018-04-20 00:00:00";EndTime="2018-04-20 23:59:59"} CMD: powershell.exe -noprofile -command "Get-WinEvent…
Xanderu
  • 747
  • 1
  • 8
  • 30