Query EventLog with PowerShell

Posted on by

Hello,

I’ll show you a nice way to use the “Get-WinEvent” cmdlet, to query EventLog very efficiently.

Example, if I want to know when my computer rebooted, and if there are pending reboot, I can use :

Get-WinEvent -FilterHashtable @{'Logname'="System";'ID'=1074,22;'Level'="4"}

If I want the output more readable, I can sort data by Time Like this :

Get-WinEvent -FilterHashtable @{'Logname'="System";'ID'=1074,22;'Level'="4"}  -MaxEvents 5 | Sort-Object TimeCreated -Descending

All of this can be done remotely by using the “-ComputerName” parameter.

This is just an overview to show you how to use the [HashTable] to query EventLog incredibly fast, if you want more details, feel free to use :

Get-Help Get-WinEvent -ShowWindow

0 thoughts on “Query EventLog with PowerShell

  1. Pingback: Query EventLog with PowerShell and FilterXPath | ItForDummiesItForDummies

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.