×
Menu & Search

Show Event Logs in PowerShell

Published
April 3, 2021
Comments
0 Comments

Show Event Logs in PowerShell

In this post, we will explore how to use PowerShell to view event logs. We will use the Get-EventLog command to accomplish this. Specifically, we will cover the following:
List Event Types Available
Get Most Recent Events
Get Events Between a Date Range

List Event Types Available

To list the available event log types on a system using the Get-EventLog command, you can run the following:

# Get event types PowerShell
Get-EventLog -List
Get-EventLog -List

This will return a list of event log types that are available on the system, such as System, Security, and Application. We can then use the -LogName parameter with Get-EventLog to specify a specific event log type to work with.

Get Most Recent Events

To return the most recent Windows events for investigating an error that occurred, you can use the following PowerShell command:

# Get most recent Windows events PowerShell
Get-EventLog -LogName System -Newest 100

This command will retrieve the 100 most recent events from the System event log, which is where many critical errors and warnings are logged by Windows and other applications.

In the next example below I am bringing back the newest 1000 error events, grouping by event name and count of error occurrences. This can give a high-level view of frequent events and recent events on the host. 

# Get most recent application events by count
Get-EventLog -LogName Application -Newest 1000 -EntryType Error | Group-Object -Property Source -NoElement | Sort-Object -Property Count -Descending

Get Events Between a Date Range

Here is a PowerShell script that will get all critical and error events from the Windows event logs between a specified date range. The start and end dates can be passed as parameters to the script:

param(
    [DateTime]$StartDate,
    [DateTime]$EndDate
)

# Get all critical and error events from the Windows event logs
Get-WinEvent -FilterHashtable @{
    LogName = 'System, Application';
    Level = 1, 2;
    StartTime = $StartDate;
    EndTime = $EndDate
}

To run the script, you can use the following command, replacing START_DATE and END_DATE with the actual start and end dates:

.\Get-CriticalAndErrorEvents.ps1 -StartDate '2021-01-01' -EndDate '2021-12-31'

This script uses the Get-WinEvent cmdlet to retrieve events from the Windows event logs. It filters the events by log name (System and Application), level (critical and error), and date range (using the start and end date parameters). It then outputs the resulting events to the console.

Labels

0 Comments

SQL DBA Blog

Peter Whyte

Blog Menu

Categories

Tags

Active Directory (AD) (4) AWS CLI (3) CDC (2) Certificates & Encryption (3) Change Data Capture (2) CSV Files (4) Database Admin (54) Database Backups (10) Data Types (2) Deleting Data (2) Error Messages (4) Featured (4) Git (11) Git Commands (4) Git Log (3) Installing SQL Server (10) Linked Servers (3) Linux Admin (2) Measuring Databases (9) MSSQL SPIDs (3) NetFirewallProfile (3) New-Item PowerShell (2) PowerShell Create Folder (2) PowerShell Delete Files (2) PowerShell ForEach (2) PowerShell Tips (20) PowerShell Version (2) Restoring Databases (7) SQL Server Agent (4) SQL Server ETL (2) SQL Server Management Studio (SSMS) (14) SQL Server Processes (6) SQL Server Scripts (3) SQL Tips (19) SSH (2) SSMS Tips (9) Temp DB (2) Windows Admin (21) Windows Firewall (4) WordPress Tutorials (2) WSL (22) WSL1 (4) WSL2 (4) WSL Ubuntu (6) WSL Version (4)