Get eventlog data, list the event logs.
Syntax
Get-EventLog [-logName] string [-newest int]
[CommonParameters]
Get-EventLog [-list] [-asString]
[CommonParameters]
Key:
-logName string
Name of the log file from which to get log events.
-list
Return a list of the log files available.
-asString
Send the output as a string, instead of object(s).
-newest
Gets the newest 'n' event log entries, where
'n' represents a numerical value for the newest
entries in the eventlog.
CommonParameters:
-Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
-OutBuffer -OutVariable.
Event logs often contain tens of thousands of event log entries, so consider using -Newest parameter to limit the number of entries returned.
Examples
Display the 50 most recent entries in the Application event log:
PS C:\> get-eventlog -newest 50 -logname application
Get the 100 recent entries from the System event log and store in $MyEvents.
Then pipeline the results to group-object to group them by event id.
PS C:\> $events = get-eventlog -logname system -newest 100
PS C:\> $events | group-object eventid
Write a new message to the Application eventlog:
PS C:\> $log = Get-EventLog -List | Where-Object { $_.Log -eq "Application" }
PS C:\> $log.Source = "Test"
PS C:\> $log.WriteEntry("Test message")
PS C:\> Get-EventLog Application -Newest 1 | Select Message
"The Statesman who yields to war fever must realize that once the signal is given, he is no longer the master of policy but the slave of unforeseeable and uncontrollable events" - Sir Winston Spencer Churchill
Related Powershell Commands:
Get-WinEvent - Get events from event logs and event trace logs
Get-Event - Get events in the event queue
Show-EventLog - Display an event log
