Searching Event Logs with Powershell

I recently had  a situation where I needed to be able to search an event log for a particular value.

I wrote a quick little script so that our PM could run it with little effort

   1: param ($name)
   2: $user = '*' + $name + '*'
   3: get-eventlog application | where {$_.Message -like $user} | 
   4: format-list Message,TimeGenerated

I am basically searching for event logs that contain a particular name.

It’s pretty straight forward once you find that .Message is what contains the real meat of the event log entry.

You could also obviously use get-eventlog system as well.


One Response to “Searching Event Logs with Powershell”

  1. Joel "Jaykul" Bennett Says:

    Or any of your other event logs, like “Microsoft PowerShell” … use Get-EventLog -List to see what’s available on your system…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: