Get-EventLog

 

Additional Resources for Get-EventLog

 

Managing Event Logs and Event Log Events

http://www.microsoft.com/technet/scriptcenter/topics/msh/cmdlets/get-eventlog.mspx

 

 

SYNOPSIS

Gets information about local event logs or the entries stored in those event logs.

 

SYNTAX

Get-EventLog [-logName] <string> [-newest <int>] [<CommonParameters>]

 

Get-EventLog [-list] [-asString] [<CommonParameters>]

 

DETAILED DESCRIPTION

Gets information about local event logs or the entries stored in those event logs.

 

PARAMETERS

 

-logName <string>

Specifies the name of the log file from which to get events.

 

Required?                    true
Position?                    1
Default value
Accept pipeline input?       false
Accept wildcard characters?  false

 

-list <SwitchParameter>

Returns a list of all event logs, rather than the entries from a specific log.

 

Required?                    false
Position?                    named
Default value
Accept pipeline input?       false
Accept wildcard characters?  false

 

-asString <SwitchParameter>

Sends the output as strings instead of objects.

 

Required?                    false
Position?                    named
Default value
Accept pipeline input?       false
Accept wildcard characters?  false

 

-newest <int>

Gets the 'n' most recent event log entries, where 'n' is a number specifying how many of the newest entries in the event log to return.

 

Event logs commonly contain tens of thousands of event log entries, or perhaps more, so consider using the -Newest parameter to limit the number of entries returned.

 

Required?                    false
Position?                    named
Default value
Accept pipeline input?       false
Accept wildcard characters?  false

 

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, and -OutVariable. For more information, type "get-help about_commonparameters".

 

INPUT TYPE

None

 

RETURN TYPE

Object, String

 

NOTES

 

The EventID property of an event consists of the two low-order bytes of the System.Diagnostics.EventLogEntry.EventID property. Windows PowerShell defines a Script Property named EventID, which overrides the EventID property and returns only the two low-order bytes. You can retrieve the original EventID property value by using the get_EventID() method.

 

For more information, type "Get-Help Get-EventLog -detailed". For technical information, type "Get-Help Get-EventLog -full".

 

When specifying multiple values for a parameter, use commas to separate the values. For example, "<parameter-name> <value1>, <value2>".

 

EXAMPLE 1

 

get-eventlog -list

 

This command displays information about the event logs on the computer.

 

EXAMPLE 2

 

get-eventlog -newest 5 -logname application

 

This command displays the 5 most recent entries in the Application event log.

 

EXAMPLE 3

 

$events = get-eventlog -logname system -newest 1000

$events | group-object eventid

 

This command gets the 1000 most recent entries from the System event log and stores them in the $events variable. The results are then piped to the group-object cmdlet to group them by event ID.
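
The following is an added example, not part of the original help text. It ties the EventID note under NOTES to EXAMPLE 3: because the EventID script property keeps only the two low-order bytes, grouping on it alone can merge entries whose original identifiers differ, so the summary below also keys on Source and on the value returned by get_EventID(). The function names are hypothetical helpers, the two sample identifiers are constructed, and the script assumes a Windows PowerShell session where Get-EventLog is available.

```powershell
# Added example: Get-ShortEventId and Group-ByFullEventId are hypothetical
# helper names, not cmdlets that ship with Windows PowerShell.

# Returns the 16-bit value that the EventID script property displays,
# i.e. the two low-order bytes of the original identifier.
function Get-ShortEventId([int]$FullId) {
    $FullId -band 0xFFFF
}

# Groups entries by Source, the short EventID and the original identifier,
# so entries that only share their low-order bytes stay in separate groups.
function Group-ByFullEventId($Entries) {
    $Entries |
        Select-Object Source,
            @{ Name = 'ShortId'; Expression = { $_.EventID } },
            @{ Name = 'FullId';  Expression = { '0x{0:X8}' -f $_.get_EventID() } } |
        Group-Object Source, ShortId, FullId |
        Sort-Object Count -Descending
}

# Constructed identifiers: different high-order bytes, same low-order bytes.
$idA = 0x40001B58
$idB = 0xC0001B58

foreach ($id in $idA, $idB) {
    # Both lines report the same short value even though the originals differ.
    '{0} -> EventID {1}' -f ('0x{0:X8}' -f $id), (Get-ShortEventId $id)
}

# Same data set as EXAMPLE 3, summarized without collapsing distinct identifiers.
$events = Get-EventLog -logName System -newest 1000
Group-ByFullEventId $events | Select-Object Count, Name -First 10
```

Each group's Name column lists the source, the short EventID and the original identifier in hexadecimal, which makes it easy to see where one short EventID covers more than one original value.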