Why Am I geting an Empty Pipeline Error in this Script

Question

I'm an extremely novice Powershell student who was given the task of getting the following code to work and I keep getting an Empty Pipeline Error at the line remarked 'Gives Empty Pipeline Error'. After quite a few hours of researching this I am still stumped as to what is causing this. The script is supposed to search the Application.evtx log and return any errors from the last 24 hours. I would greatly appreciate any help that could get me pointed in the right direction. Here's the code:

#look for Errors script

#Creates Function named CheckLogs
Function CheckLogs()
{
    # Defines a named parameter $logfile as a string
    param ([string]$logfile)

    if(!$logfile) {write-host "Usage: ""C:\Windows\System32\winevt\Logs\Application.evtx"""; exit}

    # Accesses the file stored in $logfile variable and looks for the string "ERROR" 
    cat $logfile | Select-string "ERROR" -SimpleMatch |select -expand line |

        foreach

        {

            $_ -match '(.+)\s\[(ERROR)\]\S(.+)'| Out-Null

            new-object psobject -Property@{Timestamp=[datetime]$matches[1];Error=$matches[2]}

| #Gives Empty Pipeline Error

            where {$_.timestamp -gt (get-date).AddDays(-1)}

            $error_time=[datetime]($matches[1])

            if ($error_time -gt (Get-Date).AddDays(-1))

            {
                write-output "CRITICAL: There is an error in the log file $logfile around

                    $($error_time.ToShortTimeString( ))"; exit(2)

            }
        }

    write-output "OK: There were no errors in the past 24 hours."

}

CheckLogs "C:\Windows\System32\winevt\Logs\Application.evtx" #Function Call

Answer 1

You can't put the pipe | character on a line by itself. You can end a line with | and then continue the pipeline on the next line though.

This should work:

new-object psobject -Property@{Timestamp=[datetime]$matches[1];Error=$matches[2]} | 
where {$_.timestamp -gt (get-date).AddDays(-1)}