Event Viewer is my usual stop for checking the event log when needed. It has everything I need to find the information I am looking for, but sometimes I still feel the need for a quicker way to check the logs on a local or remote computer. When that happens, PowerShell is usually my answer.
Get-EventLog is the cmdlet used to pull information from the event log. It has a lot of parameters that you can use to get more accurate and targeted results. Here are some examples to give you an idea of how it works.
Example #1 – Get the list of available event logs on the local computer
Get-EventLog -List
Example #2 – Get System Log on the local computer
Get-EventLog -LogName System
Well, the result is going to be so long that you won’t be able to find anything useful.
Example #3 – Get the most recent 10 entries from System log
Get-EventLog -LogName System -Newest 10
Example #4 – Get local system log on a certain day
Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015"
This gets you the System log entries generated on Sept. 28, 2015.
Example #5 – Get only the error entries from local System log on a certain day
Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" -EntryType Error
Example #6 – Get Error and Warning Entries from local System log on a certain day
Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'}
Example #7 – Get error and warning System Log entries on a certain day and order by the source
Get-EventLog -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'} | Sort-Object Source
Example #8 – Get error and warning entries from a remote computer on a certain day and order by the source
Get-EventLog -ComputerName "TS" -LogName System -After "09/28/2015" -Before "09/29/2015" | Where-Object {$_.EntryType -like 'Error' -or $_.EntryType -like 'Warning'} | Sort-Object Source
Example #9 – Get all System Log entries related to Disk
Get-EventLog -LogName System -Source Disk
Example #10 – Get the list of sources in the local System log with the number of entries for each
Get-EventLog -LogName System | Group-Object Source | Sort-Object Count -Descending
That’s probably enough for the day.
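The examples above (date window, Error and Warning filter, remote computer, grouping by source) can be combined into one triage function. This is an added example, not code from the original post; the function name Get-EventLogSummary and its parameters are hypothetical, and "TS" is the remote computer name used in Example #8.

```powershell
# Added example: per-source Error/Warning counts for one day, across computers.
function Get-EventLogSummary {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$LogName = 'System',
        [datetime]$Day = (Get-Date).Date.AddDays(-1)   # default: yesterday
    )

    $after  = $Day.Date            # midnight at the start of the day
    $before = $after.AddDays(1)    # midnight at the start of the next day

    foreach ($computer in $ComputerName) {
        $query = @{
            ComputerName = $computer
            LogName      = $LogName
            After        = $after
            Before       = $before
            EntryType    = 'Error', 'Warning'   # accepts several values, no Where-Object needed
            ErrorAction  = 'Stop'
        }
        try {
            $entries = Get-EventLog @query
        }
        catch {
            # Unreachable host, access denied, or "No matches found" all land here,
            # so one bad computer does not abort the whole run.
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }

        $entries |
            Group-Object Source, EntryType |
            Sort-Object Count -Descending |
            ForEach-Object {
                [pscustomobject]@{
                    Computer  = $computer
                    Source    = $_.Group[0].Source
                    EntryType = $_.Group[0].EntryType
                    Count     = $_.Count
                    LastSeen  = ($_.Group | Measure-Object TimeGenerated -Maximum).Maximum
                }
            }
    }
}

# Usage: local computer plus the remote "TS" from Example #8, for Sept. 28, 2015.
Get-EventLogSummary -ComputerName $env:COMPUTERNAME, 'TS' -Day '2015-09-28' |
    Format-Table -AutoSize
```

Get-EventLog ships with Windows PowerShell only; it is not available in PowerShell 6 and later, where Get-WinEvent is the replacement.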
The last example has a bad command:
Get-EventLog -LogName System | Group-Object Source | Order-Object Count -Descending
Should be:
Get-EventLog -LogName Application | Group-Object Source | Sort-Object Count -Descending
Order-Object should be Sort-Object; that allowed it to run per the example for me.
Thank you for pointing it out. It’s been updated. I guess I am still a SQL guy instead. 🙂
Hi!
You can get the results in a nice filterable grid with
Get-EventLog -LogName System | Out-GridView
Regards