ViV
Reputation: 2118
Unique identifier for an event in Event Log
I have a Windows Event Log file (.evt/.evtx) and I want to select a particular event from the Event Log using power shell. I see cmdlets like
$provider = Get-WinEvent -listprovider $EventSource
$ProviderEvent = $provider.events | Where-Object {($_.ID -eq 4)}
to query the event log, but in my .evtx, there are multiple events with same ID.
Hence, my question is - how to pin point to an individual event, (using what fields)?
Upvotes: 0
Views: 1511
Answers (1)
Shay Levy
Reputation: 126712
Check the RecordId property:
$provider.events | Where-Object {$_.ID -eq 4} | foreach {$_.RecordId}
Upvotes: 1
Related Questions
- What event id to use for my custom event log entries?
- Identify first and last event from an event log .net or powershell
- Set Event ID per log when writing to Windows Event Log
- How to store an object in the Windows Event Log?
- Get unique events from Event Log and their count
- Working with Windows Event Logs in PowerShell
- PowerShell Security Log
- Unique EventId generation
- Query Multiple event id using Get-EventLog
- Uniquely identifying an Event Log entry in C#