I tried running the following command in PS:
Get-EventLog -LogName Security | findstr 4720
The result I got seems to be squished as if the column widths need to be adjusted. How can I view all the text that is after the ellipses (...)? See screenshot: https://i.imgur.com/fqV5qIs.png
How to view the returned info in full?
CodePudding user response:
As Santiago mentioned, you can use Format-Table.
Though since it looks like you're looking for a specific Event ID, I'd recommend that, instead of using findstr (which may return unrelated results as it's searching for '4720' anywhere in your results - unless that's your intention of course), you target the attribute using the Where-Object cmdlet (or its alias ?). Also, if you want a "pure" PowerShell solution I'd recommend using Select-String instead of findstr.
E.g.:
Get-EventLog -LogName Security | Where-Object {$_.EventID -eq "4720"} | Format-Table -AutoSize -Wrap
CodePudding user response:
To expand on the answer from @Novalis, Where-Object like that is definitely faster than findstr, and the Format-Table should sort out the ... you're seeing.
But to take it one step further, an even faster method is to use -FilterHashtable. Specifically:
Get-WinEvent -FilterHashtable @{Logname='Security';ID=4720} | Format-Table -AutoSize
The reason it's faster is because when using Where-Object you're asking the system for ALL of the system logs, and then once received by your script you're then filtering them out (same with findstr). FilterHashtable just requests the log entries from the system that match the required event ID, so less data needs to be sent to your script.
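
An added example, not part of either answer above: instead of widening table columns, each 4720 (user account created) event can be expanded into an object with one named property per field and shown with Format-List, so nothing is truncated. The function name ConvertFrom-EventXml is hypothetical and the sample XML is constructed for illustration; on a live host the XML comes from each record's ToXml() method.

```powershell
# Added example. ConvertFrom-EventXml is a hypothetical helper name.
function ConvertFrom-EventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $e = ([xml]$Xml).Event
        # Start with the common header fields from <System>.
        $row = [ordered]@{
            TimeCreated = $e.System.TimeCreated.SystemTime
            EventID     = $e.System['EventID'].InnerText
            Computer    = $e.System['Computer'].InnerText
        }
        # Every <Data Name="..."> element becomes its own property.
        foreach ($d in $e.EventData.Data) {
            $row[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]$row
    }
}

# Constructed sample event (not real log data) so the function runs offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4720</EventID>
    <TimeCreated SystemTime="2024-01-15T09:30:00.0000000Z" />
    <Computer>WS01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">svc-backup</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="SubjectUserName">admin.jane</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
  </EventData>
</Event>
'@

# One line per field: who created which account, when, and on which machine.
$sample | ConvertFrom-EventXml | Format-List

# Against the live Security log (requires an elevated session):
# Get-WinEvent -FilterHashtable @{LogName='Security';ID=4720} |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-EventXml | Format-List
```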