I'm using this command to return a table of results:
Get-WinEvent -LogName 'System' -MaxEvents 40 | Select-Object TimeCreated, ID, ProviderName, LevelDisplayName, Message | Format-Table -AutoSize
Select-Object is specifically desired because it prevents the results being grouped by ProviderName. I want the results in a single table.
I want to filter results so that it's only returning the top 40 results where the ID is in a list... and I know I can use Where-Object to achieve this with ...Where-Object { $_.ID -match "41|1074|6006|6008" }..., but Where-Object returns the results grouped by ProviderName.
I'm pretty new to PowerShell. I've done plenty of searching on the web and experimenting with piping the results of Select-Object, but can't get useful results.
How do I return the top X results matching a particular condition on a property such as ID, but also in a single table?
CodePudding user response:
It's probably more efficient to prefilter by providing Get-WinEvent a filter directly rather than having it pull unfiltered events and then sifting for what you want.
The code below will return only what you want using such a filter. Then you can use
If you can't save and/or the above as a script you can just keep it in a notepad file and copy & paste into your console.
You'll notice that even on my 27" screen you'll still have to scroll to read the entire message. You could also use Ctrl+Wheel to reduce text size.
CodePudding user response:
Posting an answer with the final working version that I prefer, but leaving @Daniel's answer as the accepted answer since it works and was what led me to getting my final working version.
I found this question, which helped: Get-WinEvent -FilterHashTable with multiple IDs in a variable not working
I prefer this version as it's shorter and I think easier to read.
It also became apparent that returning fewer results was fine in my situation. It would be possible to filter by the date as well, but I don't have the time to put toward doing that.
Get-WinEvent -MaxEvents 10 -FilterHashtable @{logname='System'; ID = 41,1074,6006,6008} |
Select-Object TimeCreated, ID, LevelDisplayName, Message |
Format-Table -AutoSize
To reiterate for anyone looking at this answer, piping the results into Select-Object means that the results are in one table rather than being grouped by ProviderName.
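Added example, not code from either answer: the same -FilterHashtable query extended with the date filter the second answer mentions but does not implement, plus handling for the error Get-WinEvent raises when nothing matches. The variable names ($Ids, $Days, $Max) and the 30-day window are assumptions chosen for illustration.

```powershell
# Added example; $Ids, $Days and $Max are illustrative names, not from the posts.
$Ids  = 41, 1074, 6006, 6008   # event IDs from the question
$Days = 30                     # assumed look-back window
$Max  = 40                     # the "top X" from the question

# Id values in the hashtable are compared exactly, whereas a regex
# -match on "41" would also match IDs such as 410 or 1410.
$filter = @{
    LogName   = 'System'
    Id        = $Ids
    StartTime = (Get-Date).AddDays(-$Days)
}

try {
    # The filter is applied by the event log service, so only matching
    # records are returned; -MaxEvents caps the newest-first result.
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $Max -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error instead of returning nothing
    # when no record matches the filter.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
        Write-Warning "No events with IDs $($Ids -join ', ') in the last $Days days."
        $events = @()
    }
    else { throw }
}

# Select-Object keeps everything in one table; the calculated property
# trims Message to its first line so rows stay readable.
$events |
    Select-Object TimeCreated, Id, ProviderName, LevelDisplayName,
        @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

Replacing the final Format-Table with Export-Csv keeps the full objects for a shutdown and restart timeline instead of a console-width table.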