Get-EventLog

Get eventlog data. [DEPRECATED]

Syntax
      Get-EventLog [-logName] string [-newest int]
        [CommonParameters]

      Get-EventLog [-list] [-asString]
        [CommonParameters]

Key:
   -logName string
       Name of the log file from which to get log events.

   -list 
       Return a list of the log files available.

   -asString 
       Send the output as a string, instead of object(s).

   -newest 
       Gets the newest 'n' event log entries, where 
       'n' represents a numerical value for the newest 
       entries in the eventlog.

In PowerShell 7.0 Get-EventLog is no longer supported, use Get-WinEvent instead.

Get-EventLog works against the 'classic' event logs making it compatible with Windows XP and 2003. When used with current versions of Windows, this cmdlet will be very slow and will often return incorrect event messages.

To query the new style event logs first introduced in Windows Vista use Get-WinEvent.

Event logs often contain tens of thousands of event log entries, so consider using -Newest parameter to limit the number of entries returned.

Examples

Display the 50 most recent entries in the Application event log:

PS C:\> get-eventlog -newest 50 -logname application

Get the 100 recent entries from the System event log and store in $MyEvents.
Then pipeline the results to group-object to group them by event id.

PS C:\> $events = get-eventlog -logname system -newest 100
PS C:\> $events | group-object eventid

Write a new message to the Application eventlog:

PS C:\> $log = Get-EventLog -List | Where-Object { $_.Log -eq "Application" }
PS C:\> $log.Source = "Test"
PS C:\> $log.WriteEntry("Test message")

PS C:\> Get-EventLog Application -Newest 1 | Select Message

"The Statesman who yields to war fever must realize that once the signal is given, he is no longer the master of policy but the slave of unforeseeable and uncontrollable events" ~ Sir Winston Spencer Churchill

Related PowerShell Cmdlets

Get-WinEvent - Get event log data.
Get-Event - Get PowerShell events in the event queue.


 
Copyright © 1999-2024 SS64.com
Some rights reserved