Get-EventLog - Cmdlet Syntax and Examples

May 07, 2018 PowerShell

SYNOPSIS

Gets the events in an event log, or a list of the event logs, on the local or remote computers.

CMDLET ALIASES

none

DESCRIPTION

The Get-EventLog cmdlet gets events and event logs on the local and remote computers.

You can use the parameters of this cmdlet to search for events by using their property values. This cmdlet gets only the events that match all of the specified property values.

The cmdlets that contain the EventLog noun work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

SYNTAX

 Get-EventLog [-LogName] <String> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject] [-Before <DateTime>] 
 [-ComputerName <String[]>] [-EntryType {Error | Information | FailureAudit | SuccessAudit | Warning}]
 [-Index <Int32[]>] [-Message <String>] [-Newest <Int32>] [-Source <String[]>] [-UserName <String[]>] [<CommonParameters>]

 Get-EventLog [-AsString] [-ComputerName <String[]>] [-List] [<CommonParameters>]


EXAMPLES

get-eventlog -ComputerName SERVER02 -Log System -Newest 50
  • Gets the last 50 events from the system log on SERVER02

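get-eventlog -ComputerName SERVER02 -LogName System -Index 25733
  • Gets a specific event log entry by its index. -LogName is mandatory, and an index is only meaningful within its own log. Useful after doing a list (see above)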

Get-EventLog -LogName Security | Group-Object -Property EntryType
  • Creates a table of events grouped by entry type
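
Added example, not part of the original page: the DESCRIPTION states that only events matching all of the specified property values are returned. The function below combines four such filters to pull failed-logon audits (event 4625) from the Security log and summarise them by account and source address. The function name, the threshold of 5 and the reliance on the standard 4625 field order (index 5 = target account, index 19 = source address) are assumptions of this example.

```powershell
# Added example, not from the original page. Assumes Windows PowerShell 5.1
# (Get-EventLog is not available in PowerShell 6+) and an elevated session.
function Get-FailedLogonSummary {          # hypothetical helper name
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [int]$Hours = 24,
        [int]$Threshold = 5                # assumed value; tune per environment
    )

    $since = (Get-Date).AddHours(-$Hours)

    foreach ($computer in $ComputerName) {
        try {
            # Every filter must match: log AND entry type AND instance ID AND time.
            $events = Get-EventLog -ComputerName $computer -LogName Security `
                -EntryType FailureAudit -InstanceId 4625 -After $since -ErrorAction Stop
        }
        catch {
            # Also reached when nothing matches ("No matches found").
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }

        $events |
            # Skip entries whose payload is shorter than the 4625 layout.
            Where-Object { $_.ReplacementStrings.Length -ge 20 } |
            # Index 5 = target account, index 19 = source network address.
            Group-Object { '{0}|{1}' -f $_.ReplacementStrings[5], $_.ReplacementStrings[19] } |
            Where-Object { $_.Count -ge $Threshold } |
            Sort-Object Count -Descending |
            ForEach-Object {
                $account, $source = $_.Name -split '\|', 2
                $ordered = @($_.Group | Sort-Object TimeGenerated)
                [pscustomobject]@{
                    Computer      = $computer
                    Account       = $account
                    SourceAddress = $source
                    Failures      = $_.Count
                    FirstSeen     = $ordered[0].TimeGenerated
                    LastSeen      = $ordered[-1].TimeGenerated
                }
            }
    }
}

# Host name reused from the page's own examples.
Get-FailedLogonSummary -ComputerName SERVER02 -Hours 24 | Format-Table -AutoSize
```

Multiple values given to a single parameter (for example several -Source names) widen the match, while each additional parameter narrows it.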