Filtering Windows Application EventLog with PowerShell

Here are some PowerShell samples to get you going quickly with the Event Log.

I’ve seen EventLogs that are full of noisy and bothersome INFO level messages. For example, we are seeing these “noise” messages about every 10 seconds. So scrolling through the Event Viewer looking for errors can take some time. Obviously, I’m working with other people to stop those messages, but until then… so suppose you want to filter on just the errors for the last 60 minutes?

Use the first command below to get all the errors.

The second shows you how to get all warnings and then further filters by a word in the message.

# Look-back window in minutes
$minutes = 60
Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error

#Get-Eventlog  -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Warning  | Where-Object {$_.Message -like '*Mercury*'} 

#Write-Host "---------------------------"
#$el = Get-EventLog -log application -index 1096900 
#write-host $el.Message

The Message will get cut off, but you get a list of the dates and times of the errors or warnings. You can then use the “Index” value to go back and get the full text of a specific item.

#Write-Host "---------------------------"
$el = Get-EventLog -log application -index 1096900 
write-host $el.Message

See related blog PowerShell EventLog Automated Email

You can also loop through EventLog data and selectively write out whichever fields you want.

# Look-back window in minutes
$minutes = 60

#Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Warning

$logs = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Warning | Where-Object {$_.Message -like '*Mercury*'}

# Write out only the fields of interest for each matching entry
foreach ($log in $logs) {
    Write-Host "---------------------------"
    Write-Host "Index=$($log.Index)"
    Write-Host "DateTime: $($log.TimeGenerated)"
    Write-Host $log.Message
}
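
The same filters written with Get-WinEvent, as an added example that is not part of the original post. Get-EventLog is not available in PowerShell 6 and later, while Get-WinEvent is, and its -FilterHashtable applies the log, level and time filter before events are returned. The function name Get-AppLogEvents and its parameter names are made up for illustration; 'Mercury' is the sample word used above.

```powershell
# Added example: Get-WinEvent version of the filters in this post.
# Get-AppLogEvents and its parameter names are hypothetical (not from the post).
function Get-AppLogEvents {
    [CmdletBinding()]
    param(
        [int]$Minutes = 60,
        [ValidateSet('Error', 'Warning')]
        [string]$EntryType = 'Error',
        [string]$MessageLike = '*'
    )

    # Event log severity levels: 2 = Error, 3 = Warning
    $level = @{ Error = 2; Warning = 3 }[$EntryType]

    $filter = @{
        LogName   = 'Application'
        Level     = $level
        StartTime = (Get-Date).AddMinutes(-$Minutes)
    }

    # Get-WinEvent reports a non-terminating error when nothing matches.
    # SilentlyContinue turns that into an empty result, but it also hides
    # other errors (for example access denied), so drop it when troubleshooting.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like $MessageLike } |
        Select-Object RecordId, TimeCreated, ProviderName, Id, Message
}

# All errors from the last 60 minutes; Format-List shows the full message text
Get-AppLogEvents -Minutes 60 | Format-List

# Warnings whose message contains 'Mercury'
Get-AppLogEvents -EntryType Warning -MessageLike '*Mercury*' | Format-List

# Which sources logged the most errors in the window
Get-AppLogEvents -Minutes 60 |
    Group-Object ProviderName |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```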


