Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, October 29, 2009 5:46 AM
Hi Guys,
I am trying to write a script to get events for all critical and warning level events in the application and system logs for a bunch of servers and have them emailed.
This is what I have so far
$logs = "Application", "System"
$yesterday = (get-date) - (New-TimeSpan -day 1)
$s = "localhost"
foreach ($server in $s)
{$server; get-winevent -logname System -computername $server | where {$_.timecreated -ge $yesterday}}
This script just dumps all events but I would like to filter on just critial and warning level events, if possible
Any help would be much appreciated
All replies (6)
Thursday, October 29, 2009 6:45 AM âś…Answered | 2 votes
Yes it is possible. Event objects contain a property named Level and LevelDisplayName. Here is example how to use them:
# select by LevelDisplayName
Get-WinEvent application | ?{$_.LevelDisplayName -eq "Error" -or $_.LevelDisplayName -eq "Warning"}
# select by Level property
# 2 - means Error
# 3 - means Warning
Get-WinEvent application | ?{$_.Level -eq 2 -or $_.Level -eq 3}
Thursday, October 29, 2009 3:12 PM
For emailing, check out the Send-MailMessage cmdlet...
(For anyone reading this and trying this out, Get-WinEvent and Send-MailMessage are PowerShell v2 features; they aren't available with v1.)
Thursday, May 3, 2012 2:35 AM
Is ther a way to use Get-WinEvent application | ?{$_.LevelDisplayName -eq "Error" -or $_.LevelDisplayName -eq "Warning"} but go back to an hour ago. Basically displaying all applications "error" events that have occurred within the past hour?
Cheers.
JCtech4123, Cheers
Thursday, May 3, 2012 3:29 PM
Using Get-Winevent with a Where clause is pretty ineffective compare to these 3 parameters
FilterHashTable
FilterXML
FilterXPath
Cyreli
Monday, May 7, 2012 8:52 PM
Can you give me an example using one of the 3?
Cheers.
JCtech4123, Cheers
Thursday, November 22, 2012 2:26 PM | 2 votes
$server= Get-Content "C:\list.log";
$st= (Get-Date).adddays(-1)
foreach($srv in $server)
{ $srv;Get-WinEvent -computername $srv -FilterHashtable @{logname="system";level=2,3;starttime=$st} | format-table id,timecreated,message -auto}