Searching the Event Log

Exporting event logs to text, to XML, or to some other format before searching the data involves an extra step and is not as useful in the ebb and flow of production system operations as reading an online log. For this reason, it's important to brush up on your searching skills. The easiest way to search the event log involves using the Get-EventLog cmdlet. But rather than saving the data to an intermediate format, simply pipe the results into another cmdlet to perform the search. You'll soon learn several techniques for doing this. One of these techniques is the SearchByEventID.ps1 script, shown here.

Example 3-12. SearchByEventID.ps1

# Read the System log and keep only the entries whose event ID is 1129.
Get-EventLog -LogName System |
    Where-Object { $_.EventID -eq 1129 }
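
The same pipe-and-filter approach, generalized to several event IDs and a time window, as an added example that is not from the book. The function name `Find-EventById`, its parameters, and the sample records are hypothetical; the sample records are constructed so the filter can be exercised without reading a live log.

```powershell
# Added example (not from the book). Find-EventById and its parameters are
# hypothetical names. Get-EventLog requires Windows PowerShell.
function Find-EventById {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [int[]] $EventId,
        [string]   $LogName = 'System',
        [datetime] $After   = (Get-Date).AddDays(-1),
        # Optional pre-collected records; when omitted, the live log is read.
        [object[]] $Entry
    )

    if (-not $PSBoundParameters.ContainsKey('Entry')) {
        # -After bounds the read so the pipeline does not walk the whole log.
        $Entry = Get-EventLog -LogName $LogName -After $After
    }

    # Filter in the pipeline, as in SearchByEventID.ps1, but against a set of
    # IDs, and re-check the time bound so supplied records are held to it too.
    $Entry |
        Where-Object { $EventId -contains $_.EventID -and $_.TimeGenerated -gt $After } |
        Sort-Object TimeGenerated
}

# Constructed sample records shaped like Get-EventLog output (not real log data).
$now = Get-Date
$sample = @(
    [pscustomobject]@{ EventID = 1129; Source = 'ExampleSourceA'; TimeGenerated = $now.AddHours(-2) }
    [pscustomobject]@{ EventID = 1129; Source = 'ExampleSourceA'; TimeGenerated = $now.AddDays(-3) }  # outside the window
    [pscustomobject]@{ EventID = 6008; Source = 'ExampleSourceB'; TimeGenerated = $now.AddHours(-5) }
    [pscustomobject]@{ EventID = 7036; Source = 'ExampleSourceC'; TimeGenerated = $now.AddHours(-1) }  # ID not requested
)

# Search the sample for two IDs within the last day; two records match.
$hits = Find-EventById -EventId 1129, 6008 -Entry $sample -After $now.AddDays(-1)
$hits | Format-Table TimeGenerated, EventID, Source -AutoSize

# Summarize how often each requested ID occurred in the window.
$hits | Group-Object EventID | Select-Object Name, Count

# Against the live System log, omit -Entry:
#   Find-EventById -EventId 1129 -After (Get-Date).AddHours(-12)
```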

To search the event ...
