Reputation: 11
I have the following code which enumerates all event log sources and grabs the last few days' worth of errors and warnings.
Get-WinEvent -ListLog * -EA silentlycontinue |
    Where-Object { $_.recordcount } |
    ForEach-Object {
        Get-WinEvent -FilterHashTable @{LogName=$_.logname;
                StartTime=(get-date).AddDays(-5) } -MaxEvents 1000 |
            Where-object {$_.LevelDisplayName -like 'Error' -OR
                $_.LevelDisplayName -like 'Warning'}
    }
It currently sorts by log name and then lists all the relevant entries line by line underneath.
ProviderName: Microsoft-Windows-DNS-Server-Service
TimeCreated            Id   LevelDisplayName Message
-----------            --   ---------------- -------
11/29/2018 9:08:57 AM  4013 Warning          The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of t...
11/28/2018 8:39:35 PM  4015 Error            The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is function...
11/28/2018 8:34:07 PM  4015 Error            The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is function...
11/28/2018 8:28:39 PM  4015 Error            The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is function...
11/28/2018 8:23:11 PM  4015 Error            The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is function...
I'd like to modify the code so that it continues to group by the log provider name, but underneath I'd like it to summarize by count each unique entry. The output will exclude the date, but will list the Id, Level, Message and a new "count" attribute listing the number of times that Id occurred.
Count    Id   LevelDisplayName Message
-------- ---- ---------------- ------------------
4        4015 Error            The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is function...
I'm unable to get the result I'm looking for. Any suggestions?
Upvotes: 1
Views: 743
Reputation: 1583
I think this is most of what you want. I had to assume you wanted the count per "log/provider" and that you wanted the warnings and errors in a separate count. I put the results in a custom object which you could change from the custom object to suit your needs.
$b = Get-WinEvent -ListLog * -EA silentlycontinue | Where-Object { $_.recordcount }
ForEach ($a in $b) {
    # Errors and warnings from the last 5 days (taken from the newest 1000 events of each log)
    $result = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashTable @{LogName=$a.logname; StartTime=(get-date).AddDays(-5) } -MaxEvents 1000 | where-object {$_.LevelDisplayName -like 'Error' -OR $_.LevelDisplayName -like 'Warning'}
    $id = $result | Select-Object -unique id
    $Provider = $result.providerName | select -Unique
    foreach($i in $id)
    {
        foreach($p in $Provider)
        {
            # Only the events this provider logged with this Id; skip pairs that never occurred
            $match = @($result | Where-Object{$_.id -eq $i.id -and $_.providerName -eq $p})
            if ($match.Count -eq 0) { continue }
            $filler = $match[0]
            # @() keeps .count correct when zero or one event matches
            $errorcount = @($match | Where-Object{$_.leveldisplayname -eq "Error"}).count
            $warningCount = @($match | Where-Object{$_.leveldisplayname -eq "Warning"}).count
            [pscustomObject]@{
                'Provider' = $p
                'ErrorCount' = $errorcount
                'WarningCount' = $warningCount
                'Id' = $filler.Id
                'Message' = $filler.Message
            }
        }
    }
}
Upvotes: 0
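Added example (not part of the question or the answer above): the same summary built with Group-Object, which produces one row per provider, Id and level in a single pass and prints the Count / Id / LevelDisplayName / Message layout the question asks for. The function name Get-EventSummary, the extra LastSeen property and the sample records are assumptions made for illustration; the records are constructed so the block runs without access to a live event log.

```powershell
# Collapse events to one row per provider / Id / level, with an occurrence count.
function Get-EventSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$InputObject
    )
    begin   { $events = New-Object 'System.Collections.Generic.List[object]' }
    process { $events.Add($InputObject) }
    end {
        $events |
            Group-Object -Property ProviderName, Id, LevelDisplayName |
            ForEach-Object {
                $first = $_.Group[0]
                [pscustomobject]@{
                    ProviderName     = $first.ProviderName
                    Count            = $_.Count
                    Id               = $first.Id
                    LevelDisplayName = $first.LevelDisplayName
                    # Newest occurrence, kept so repeated errors can be told from stale ones
                    LastSeen         = ($_.Group | Measure-Object -Property TimeCreated -Maximum).Maximum
                    # Text of the first event in the group; the others may differ in detail
                    Message          = $first.Message
                }
            } |
            Sort-Object -Property ProviderName, @{ Expression = 'Count'; Descending = $true }
    }
}

# Constructed sample records shaped like Get-WinEvent output (not real log data).
$t = [datetime]'2018-11-28T20:23:11'
$sample = @(
    0..3 | ForEach-Object {
        [pscustomobject]@{ ProviderName = 'Microsoft-Windows-DNS-Server-Service'; Id = 4015
            LevelDisplayName = 'Error'; TimeCreated = $t.AddMinutes(5 * $_)
            Message = 'The DNS server has encountered a critical error from the Active Directory.' }
    }
    [pscustomobject]@{ ProviderName = 'Microsoft-Windows-DNS-Server-Service'; Id = 4013
        LevelDisplayName = 'Warning'; TimeCreated = [datetime]'2018-11-29T09:08:57'
        Message = 'The DNS server is waiting for Active Directory Domain Services (AD DS).' }
    [pscustomobject]@{ ProviderName = 'Example-Provider'; Id = 1001   # hypothetical provider
        LevelDisplayName = 'Warning'; TimeCreated = $t; Message = 'Constructed warning.' }
)

# Grouped display: provider as the heading, the requested columns underneath.
$sample | Get-EventSummary |
    Format-Table -GroupBy ProviderName -Property Count, Id, LevelDisplayName, Message

# On a live system, pipe Get-WinEvent into the function instead of $sample, e.g.
#   Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; Level = 2,3; StartTime = (Get-Date).AddDays(-5) }
# where $log is one entry from Get-WinEvent -ListLog *; Level 2 is Error and 3 is Warning.
```

Filtering on Level inside the hashtable, as in the closing comment, makes the log service return only errors and warnings, so a -MaxEvents limit would apply to those events rather than to the newest 1000 events of any level.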