Event Log Management

PowerShell has a terrific cmdlet in Get-EventLog that makes it easy to find information in a system's event log. Since different systems may have different event logs, one of the first commands you'll want to use is the one that lists them (Get-EventLog -List, example 6 below).
To get you started, here are five examples to type at the PS prompt:
 
  1. Get-Command
  2. Get-Command *event
  3. Get-EventLog System
  4. Get-EventLog System -Newest 100
  5. Get-EventLog System -Newest 100 | where {$_.EventID -eq 20}
  6. Get-EventLog -List
  7. Get-EventLog PowerShell -Newest 5 | Format-List
  8. Get-EventLog System -Newest 5 | where {$_.EventID -eq 7036}
  9. $logs = Get-EventLog System | where {$_.EventID -eq 7036}

 

Say you want to decide, after executing a command, which log file to pull the logs from, and have it report back the last 5 logs for that specific log name.

 

  1. powershell get-eventlog $log.LogDisplayName -newest 5
    1. You'll be prompted to enter which log you want to look at; key in application or system here.
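
The prompt-then-report workflow above, combined with the -List and event ID examples, as an added example that is not part of the original page. The function name Get-NewestLogEntry and its parameters are hypothetical; it assumes Windows PowerShell, where Get-EventLog is available.

```powershell
# Added example (not from the original page): ask which log to read, check the
# name against the logs that exist on this machine, and return the newest entries.
# Assumes Windows PowerShell; Get-EventLog is not available in PowerShell 6 and later.
function Get-NewestLogEntry {            # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$LogName,                # prompted for when omitted
        [int]$Newest = 5,                # how many entries to return
        [int[]]$EventId                  # optional filter, e.g. 7036
    )

    # Different systems have different logs, so list them first.
    $available = Get-EventLog -List | Select-Object -ExpandProperty Log

    if (-not $LogName) {
        Write-Host ('Available logs: ' + ($available -join ', '))
        $LogName = Read-Host 'Which log do you want to look at'
    }

    # Reject a mistyped name with a clear message instead of a cmdlet error.
    if ($available -notcontains $LogName) {
        throw "No event log named '$LogName' on $env:COMPUTERNAME."
    }

    if ($EventId) {
        # "-Newest 5 | where {...}" only filters inside the newest 5 entries.
        # To get the newest 5 *matching* entries, filter the whole log first
        # (Get-EventLog returns newest first), then keep the first $Newest.
        Get-EventLog -LogName $LogName |
            Where-Object { $EventId -contains $_.EventID } |
            Select-Object -First $Newest
    }
    else {
        Get-EventLog -LogName $LogName -Newest $Newest
    }
}

# Usage:
#   Get-NewestLogEntry                                   # prompts for the log name
#   Get-NewestLogEntry -LogName System -EventId 7036 | Format-List
```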