10 Examples to Check Event Log on Local and Remote Computer Using PowerShell

Event Viewer is my usual stop for checking the event log when needed. It has everything I need to find the information I am looking for, but sometimes I still feel the need for a better way to quickly check the log from a local or remote computer. Usually, PowerShell is my answer when that happens.

Get-EventLog is the cmdlet used to pull information from the event log. It has a lot of parameters that you can use to get more accurate and targeted results. Here are some examples to give you an idea of how it works.

Example #1 – Get the list of available event logs on the local computer

Get-EventLog -List

Example #2 – Get System Log on the local computer

Get-EventLog -LogName System

Well, the result is going to be so long that you won’t be able to find anything useful.

Example #3 – Get the most recent 10 entries from System log

Get-EventLog -LogName System -Newest 10


Example #4 – Get local system log on a certain day

Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015"

This returns the System log entries that were recorded on Sept. 28, 2015.

Example #5 – Get only the error entries from local System log on a certain day

Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" -EntryType Error


Example #6 – Get Error and Warning Entries from local System log on a certain day

Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'}

Example #7 – Get error and warning System Log entries on a certain day and order by the source

Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'} | Sort-Object Source


Example #8 – Get error and warning entries from a remote computer on a certain day and order by the source

Get-EventLog -ComputerName "TS" -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'} | Sort-Object Source


Example #9 – Get all System Log entries related to Disk

Get-EventLog -LogName System -Source Disk

Example #10 – Get the list of sources in the local System log with the number of entries for each

Get-EventLog -LogName System | Group-Object Source | Sort-Object Count -Descending
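
Examples #5 through #10 can be combined into one reusable function, shown here as an added example that is not part of the original post: it collects Error and Warning entries from several computers for a time window and counts them per source. The function name Get-EventLogSummary and its parameters are assumptions made for illustration; "TS" is the remote computer name from example #8.

```powershell
# Added example (not from the original post). Requires Windows PowerShell 5.1 or
# earlier: Get-EventLog is not available in PowerShell 6 and later.
function Get-EventLogSummary {
    [CmdletBinding()]
    param(
        # Defaults to the local machine; pass your own host names.
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$LogName = 'System',
        # Default window: all of yesterday.
        [datetime]$After = (Get-Date).Date.AddDays(-1),
        [datetime]$Before = (Get-Date).Date
    )

    foreach ($computer in $ComputerName) {
        try {
            # -EntryType accepts several values, so Get-EventLog filters the
            # entries itself and no Where-Object stage is needed afterwards.
            $entries = Get-EventLog -ComputerName $computer -LogName $LogName `
                -After $After -Before $Before -EntryType Error, Warning `
                -ErrorAction Stop
        }
        catch {
            # Report the failing host (unreachable, access denied, or another
            # terminating error) and carry on with the remaining computers.
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }

        # One output row per source and entry type, busiest sources first.
        $entries |
            Group-Object Source, EntryType |
            Sort-Object Count -Descending |
            ForEach-Object {
                [pscustomobject]@{
                    Computer  = $computer
                    Source    = $_.Group[0].Source
                    EntryType = $_.Group[0].EntryType
                    Count     = $_.Count
                    Latest    = ($_.Group | Measure-Object TimeGenerated -Maximum).Maximum
                }
            }
    }
}

# Local machine plus the remote computer "TS", for Sept. 28, 2015:
Get-EventLogSummary -ComputerName $env:COMPUTERNAME, 'TS' `
    -After ([datetime]'2015-09-28') -Before ([datetime]'2015-09-29') |
    Format-Table -AutoSize
```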


That’s probably enough for the day.

Kent Chen

Microsoft MVP, IT Professional, Developer, Geek, and the co-founder of Next of Windows.

Last updated: 09/08/2016


Gene Torres

The last example has a bad command:
Get-EventLog -LogName System | Group-Object Source | Order-Object Count -Descending
Should be:
Get-EventLog -LogName Application | Group-Object Source | Sort-Object Count -Descending

Order-Object should be Sort-Object; that allowed it to run per the example for me.
