In my previous blog post (http://www.amandhally.net/2013/11/12/part-1-working-with-event-logs-using-powershell/), I tried to cover the basics of “Event Logs”, and we also saw the use of the “Show-EventLog” cmdlet.
There is no benefit to PowerShell if we explore “Event Logs” using GUI tools, so let’s start working in the PowerShell console.
There are two main cmdlets in PowerShell that are used to get events from the various “Event Logs”: the first is “Get-EventLog” and the other is “Get-WinEvent”.
The main difference between these two cmdlets is that Get-EventLog works only with the classic event logs, whereas “Get-WinEvent” works with both kinds: the classic logs and the Applications and Services logs too.
Let’s see the use of “Get-EventLog” cmdlet.
Just for your information, I am using Windows 8, so you may see a few extra event logs in my command outputs.
Let’s check which classic event logs exist on my laptop. To check that, run the command below.
Get-EventLog -LogName *
You can see that we now have a list of all the classic event logs.
Let’s see all the events in the Application log; run the command below. In it we are asking Get-EventLog to give us every entry in the event log named “Application”.
Get-EventLog -LogName Application
But when you run the above command, your PowerShell console will fill with lots and lots of events.
This mass of information is not much use to us right now. What if I want to see only the newest 10 event log entries?
You can do that: use the -Newest parameter and provide the number of entries you want to see.
In the command below, we are asking Get-EventLog to show the newest 10 entries in the event log.
Get-EventLog -LogName Application -Newest 10
If you want to see more details of the event log entries, you can use the “Format-List” cmdlet to format the output and show the full details of each event log entry.
Get-EventLog -LogName Application -Newest 10 | Format-List -Property *
If you remember, in my previous blog post I mentioned the four log severity levels (Information, Warning, Error, Critical) and the two audit types (Failure Audit and Success Audit). We can use those here too. Just a quick note: the Get-EventLog cmdlet doesn’t support the entry type Critical.
What if you want to see the newest 10 events of entry type Warning?
Get-EventLog -LogName Application -EntryType Warning -Newest 10
See how easy it is.
One last trick for today:
You can also define a time period, in After/Before form, in Get-EventLog to see the event log entries accordingly.
Let’s see the Application event log entries created after 11th Nov 2013.
Get-EventLog -LogName Application -After 11/11/2013
If you want to see the event log entries created before a specific date, you can use the -Before parameter.
Get-EventLog -LogName Application -Before 11/11/2013
We also have the flexibility of searching event log entries within a specific time frame: you can use the -After and -Before parameters together to define a date range to search within.
Get-EventLog -LogName Application -After 7/11/2013 -Before 10/11/2013
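As an added example (not from the original post), here is a small function that combines the -EntryType, -After and -Before parameters shown above into a quick triage report: the noisiest Source/EventID pairs among the Error and Warning entries in the Application log over the same 7–10 November 2013 window. It builds the dates with Get-Date -Year/-Month/-Day instead of a string like 7/11/2013, because a date string is parsed according to the console’s culture (7 November in a dd/MM locale, 11 July in an MM/dd one); note also that Get-EventLog exists only in Windows PowerShell (5.1 and earlier), PowerShell 7 dropped it in favour of Get-WinEvent.

```powershell
# Added example, not code from the original post.
# Summarise Error/Warning entries in a classic event log over an explicit date
# range, grouped by Source and EventID, most frequent first.
function Get-EventLogSummary {
    [CmdletBinding()]
    param(
        [string]   $LogName   = 'Application',
        [string[]] $EntryType = @('Error', 'Warning'),
        [datetime] $After     = (Get-Date -Year 2013 -Month 11 -Day 7).Date,
        [datetime] $Before    = (Get-Date -Year 2013 -Month 11 -Day 10).Date,
        [int]      $Top       = 10
    )

    # -EntryType accepts an array, so one call covers both severities.
    $entries = Get-EventLog -LogName $LogName -EntryType $EntryType `
                            -After $After -Before $Before

    if (-not $entries) {
        Write-Verbose "No $($EntryType -join '/') entries in '$LogName' between $After and $Before"
        return
    }

    # Group on Source + EventID: an EventID is only meaningful per source.
    $entries |
        Group-Object -Property Source, EventID |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top -Property @(
            @{ Name = 'Source';  Expression = { $_.Group[0].Source } },
            @{ Name = 'EventID'; Expression = { $_.Group[0].EventID } },
            @{ Name = 'Type';    Expression = { $_.Group[0].EntryType } },
            'Count',
            @{ Name = 'Newest';  Expression = {
                ($_.Group | Sort-Object -Property TimeGenerated)[-1].TimeGenerated } },
            # One sample message per group, whitespace collapsed and trimmed to 80 chars
            @{ Name = 'Message'; Expression = {
                $m = $_.Group[0].Message -replace '\s+', ' '
                if ($m.Length -gt 80) { $m.Substring(0, 80) + '...' } else { $m } } }
        )
}

# Culture-independent dates for the 7-10 November 2013 window used in the post.
$start = (Get-Date -Year 2013 -Month 11 -Day 7).Date
$end   = (Get-Date -Year 2013 -Month 11 -Day 10).Date
Get-EventLogSummary -LogName Application -After $start -Before $end |
    Format-Table -AutoSize
```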
That’s all for today, see you in next post.
Part-1: Working with Event Logs using PowerShell.