Vineet Verma

Reputation: 1

powershell Get-Winevent -FilterXML

When I run the following query...

C:\>powershell "Get-WinEvent -FilterXML ""<QueryList><Query><Select Path='System'>*[System[(EventID=1074 or EventID=6013) and TimeCreated[@SystemTime&gt;='2015-01-23T05:00:00.000Z' and @SystemTime&lt;='2015-01-27T17:59:59.999Z']]]</Select></Query></QueryList>" ""

...I am getting the output in tabular format:

ProviderName: EventLog

TimeCreated                     Id LevelDisplayName Message

-----------   -- ---------------- -------

1/27/2015 12:00:00 PM         6013 Information      The system uptime is 349...

.....

But when I try to use Select-Object...

C:\>powershell "Get-WinEvent -FilterXML ""<QueryList><Query><Select Path='System'>*[System[(EventID=1074 or EventID=6013) and TimeCreated[@SystemTime&gt;='2015-01-23T05:00:00.000Z' and @SystemTime&lt;='2015-01-27T17:59:59.999Z']]]</Select></Query></QueryList>" | Select-Object TimeCreated""

...I get the following error:

'Select-Object' is not recognized as an internal or external command, operable program or batch file.

Why am I getting this error? I am running this on Server 2008 Standard Edition, 32-bit and I have to run it through normal command prompt.

Upvotes: 0

Views: 2193

Answers (1)

SpellingD

Reputation: 2621

The problem is an issue with special characters and escaping them from CMD.

The easiest solution is to convert your command to a Base64 string and run PowerShell with the -EncodedCommand parameter. This eliminates the need for special characters needing to be in the prompt.

From Powershell help:

#To use the -EncodedCommand parameter:
$command = 'dir "c:\program files" '
$bytes = [System.Text.Encoding]::Unicode.GetBytes($command)
$encodedCommand = [Convert]::ToBase64String($bytes)
powershell.exe -encodedCommand $encodedCommand

After doing the above it ran without error through CMD. For convenience, this is the following Base64 string to use:

Upvotes: 1
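
The answer's approach applied to the question's failing pipeline, as an added example that is not part of the original answer. The variable names, the -NoProfile switch, the round-trip check and the length check are choices made here; run it inside a PowerShell session to produce the line for the normal command prompt.

```powershell
# Added example: the question's pipeline kept in a single-quoted here-string,
# so |, <, >, & and the quotes are stored literally and never reach cmd.exe.
$command = @'
Get-WinEvent -FilterXml "<QueryList><Query><Select Path='System'>*[System[(EventID=1074 or EventID=6013) and TimeCreated[@SystemTime&gt;='2015-01-23T05:00:00.000Z' and @SystemTime&lt;='2015-01-27T17:59:59.999Z']]]</Select></Query></QueryList>" | Select-Object TimeCreated
'@

# -EncodedCommand expects Base64 over the UTF-16LE bytes of the command text.
$bytes   = [System.Text.Encoding]::Unicode.GetBytes($command)
$encoded = [Convert]::ToBase64String($bytes)

# Round-trip check: decode the string again and compare it with the source,
# so what will run can be read back before the line is used or shared.
$decoded = [System.Text.Encoding]::Unicode.GetString(
    [Convert]::FromBase64String($encoded))
if ($decoded -cne $command) {
    throw 'Round-trip mismatch: the encoded text differs from the command.'
}

# Base64 uses only A-Z, a-z, 0-9, +, / and =, so the resulting line contains
# no pipe, redirection or quote characters for cmd.exe to interpret.
$cmdLine = "powershell.exe -NoProfile -EncodedCommand $encoded"

# cmd.exe accepts at most 8191 characters on one command line.
if ($cmdLine.Length -gt 8191) {
    throw 'The encoded line exceeds the 8191-character cmd.exe limit.'
}

$cmdLine    # paste this line into the normal command prompt
$decoded    # the command that line will run, shown for review
```

The same decode step turns any -EncodedCommand value found in a script or a process command line back into readable text.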
