Reputation: 1
Get events from yesterday
I am trying to use PowerShell to get the results from the TaskScheduler events since yesterday. This is my code:
Get-WinEvent -LogName Microsoft-Windows-TaskScheduler/Operational -MaxEvents 5 |
Where-Object ($_.TimeCreated -gt [DateTime]::Today.AddDays(-1))
Format-List *
Notes:
The
-MaxEvents 5is to limit output while I am developing.When I remove the
Where-objectthe cmdlet returns a full list. This is expected since no filtering is applied. So the error must be in the way the filtering is being done.
Upvotes: 0
Views: 2867
Answers (1)
Reputation: 13217
You can use the FilterHashTable property of Get-WinEvent to filter, it will be faster than retrieving all the events and then filtering only those you want.
This retrieves all events in the last day from the System log as I don't have any logging for TaskScheduler.
$date = (Get-Date).AddDays(-1)
$events = Get-WinEvent -FilterHashTable @{ LogName = "System"; StartTime = $date;}
$events | Format-List
You can filter on pretty much any field in the event log - further info on this
Upvotes: 1
Related Questions
- Pulling EventLogs using powershell from a certain time period
- Powershell get eventlog source
- PowerShell - Get Win-Event of today
- Get-scheduled task to see history for more than last run
- How do I monitor a specific task scheduler event to using PowerShell
- Trigger powershell based on event log
- Task Scheduler - get history information into script variables
- Event Log by date
- Windows Task Scheduler Event ID
- Powershell Scheduled Tasks conflicts?