Ismail Kaleem
Reputation: 35
Get-WinEvent Select time and field within data item of 1
I am trying to view all events in 7045 where i am able to extract path name. However I want to select the timestamp of the event as well?
Get-WinEvent -Path ".\System.evtx" |
where {$_.id -eq "7045"} |
Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").itemOf(1)} |
Select -ExpandProperty "#text" -Unique
Get-WinEvent -Path ".\System.evtx" |
where {$_.id -eq "7045"} |
Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").itemOf(1)} |
Select -ExpandProperty "#text" -Unique
Get-WinEvent -Path ".\System.evtx" |
where {$_.id -eq "7045"} |
Foreach {([xml]$_.ToXml()).GetElementsByTagName("Data").itemOf(0)} |
Select -ExpandProperty "#text" -Unique
i want to get the output TimeCreated, Service Name, Service Path
At moment with 2 queries i can get the service name & then the service path?
Upvotes: 1
Views: 234
Answers (1)
TessellatingHeckler
Reputation: 28963
This might do it:
Get-WinEvent -FilterHashtable @{LogName='System'; ID=7045} |
Select-Object -Property TimeCreated,
@{Label='Service Name'; Expression={$_.properties[0].Value}},
@{Label='Service Path'; Expression={$_.properties[1].Value}}
Upvotes: 3
Related Questions
- Get-WinEvent with match TimeCreated
- Pulling Application and system event log in one query
- PowerShell parsing Win-Event XML
- Powershell filter output data from Get-WinEvent
- Export Windows Logs with Precise Time
- Failed to get Event-Data Field Data in PowerShell
- PS using Get-WinEvent with FilterXPath and datetime variables?
- Selecting specific lines/data from Get-Winevent message in powershell
- Powershell Get-Eventlog Filter by Time
- get time of forwarded events with Get-winevent?