Powershell - Efficient way to pull event viewer logs

Time:12-03

Currently it takes 15-20 seconds to pull specific event viewer logs, is there a more efficient way to accomplish the same end result?

I need the last 5 minutes' worth of application logs for Instance ID 21.

Start-Transcript -Path C:\Windows\Blah\Data\Logs\Temp\StatusErrors.TXT -Append -Force -ErrorAction SilentlyContinue
Get-EventLog -LogName application -After (Get-Date).AddMinutes(-5) -InstanceID 21 -Message "*device*" | Select-Object -ExpandProperty message
Stop-Transcript 

CodePudding user response:

I am not getting into the logic of it because it is already yielding results. Get-EventLog is kinda obsolete. Use Get-WinEvent, where you can use advanced XPath and XML filters, and the log will use its indexes to return targeted events very quickly.

A sample below:

$filter = @{
    LogName = 'application'
    ID = 21
    StartTime = (Get-Date).AddMinutes(-5) 
}
#$Computer = "Hostname" ## In case you are running it remotely
Get-WinEvent -FilterHashTable $filter #-ComputerName $Computer (Commented out since it is when you run remotely)

Hope it helps.
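
Added example (not part of the original answer): the same query written with the XPath filter the answer mentions, keeping the question's "*device*" message match and writing the result to the question's log file with Out-File. The function name Get-RecentDeviceEvent and its parameter names are hypothetical, and it assumes the event's ID is 21 (Get-EventLog's InstanceId can also carry qualifier bits for some sources).

```powershell
# Added example; the function name, parameter names and defaults are assumptions.
function Get-RecentDeviceEvent {
    [CmdletBinding()]
    param(
        [string]$LogName     = 'Application',
        [int]$EventId        = 21,
        [int]$Minutes        = 5,
        [string]$MessageLike = '*device*',
        [string]$ComputerName            # optional, for remote queries
    )

    # timediff(@SystemTime) is the event's age in milliseconds, so the
    # event log service applies the ID and time window itself.
    $windowMs = $Minutes * 60 * 1000
    $xpath = "*[System[(EventID=$EventId) and TimeCreated[timediff(@SystemTime) <= $windowMs]]]"

    $params = @{
        LogName     = $LogName
        FilterXPath = $xpath
        ErrorAction = 'Stop'
    }
    if ($ComputerName) { $params.ComputerName = $ComputerName }

    try {
        $events = Get-WinEvent @params
    }
    catch {
        # Get-WinEvent reports an error when nothing matches; treat that as "no events".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    # The rendered message text is not part of the indexed System data,
    # so the wildcard match runs client-side on the already small result set.
    $events |
        Where-Object { $_.Message -like $MessageLike } |
        Select-Object -ExpandProperty Message
}

# Append only the matching messages to the file used in the question.
Get-RecentDeviceEvent |
    Out-File -FilePath 'C:\Windows\Blah\Data\Logs\Temp\StatusErrors.TXT' -Append
```

Unlike Start-Transcript, Out-File records only the pipeline output, so the file holds just the event messages without transcript headers.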
