Get-EventLog can read events only from one event log at a time. If you want to find events in multiple event logs, you can append array information, though:
$events =
@(Get-EventLog -LogName
System -EntryType
Error)
$events +=
Get-EventLog -LogName
Application -EntryType
Error
$events
In these
cases, it might be easier to use WMI in the first place - which can
query any number of event logs at the same time.This will get you the first 100 error events from the application and system log (cumulated, so if the first 100 errors are in the application log, no system log errors will be reported, of course):
Get-WmiObject -Class
Win32_NTLogEvent -Filter
'Type="Error" and
(LogFile="System" or LogFile="Application")' |
Select-Object
-First 100 -Property TimeGenerated, LogFile, EventCode, Message
When you replace
Get-WmiObject with Get-CimInstance (which is new in PowerShell 3.0), then the
cryptic WMI datetime format is automatically converted to normal date and
times:
Get-CimInstance -Class Win32_NTLogEvent -Filter 'Type="Error" and (LogFile="System" or LogFile="Application")' |
Select-Object
-First 100 -Property TimeGenerated, LogFile, EventCode, Message
No comments:
Post a Comment