Search, view, export to CSV event log events from one or more machines v1.4.4

Release note: Added support for PowerShell 2.0 for Windows 2008 / 2008 R2 systems with PowerShell V2.0

Get-Help .\Get-EventsFromEventLogs.ps1 -Examples

From my Blog Post:

Here’s a script that exports the events of your choice (you choose one or more Event IDs you want to export), fr

 
 
 
 
 
5/4/2018


  • Can't query Security log...
    1 Posts | Last post February 16, 2019
    • It always says:  No such events with EventID =  in the Security event log on this computer...
      
      I have no problem scanning the application and system log.
      
  • offline computers
    2 Posts | Last post February 16, 2019
    • Looks like your script does not check for a computer being offline?   Right now I have your script running indefinitely because it's trying to connect to an offline computer.  Any way you can modify your script to work around this?  Maybe output a list of computers that were found offline?
      
      Great work!  This works really well with the PowerBI Template to look at events.  I'm trying to make this work for my workplace, helps find problems and such.  Thank you.
    • I was able to test by adding a bit of code, probably better ways to do it.  
      
      Foreach ($computer in $computers)
      {
        # Ping once first so an offline computer is skipped instead of stalling the run
        IF (Test-Connection -BufferSize 32 -Count 1 -ComputerName $Computer -Quiet) 
        {
          
          Write-host "Checking Computer $Computer" -BackgroundColor yellow -ForegroundColor Blue
          Try
          {
              # The oldest Application log record shows how far back the logs go
              $LastEvent = Get-WinEvent -ComputerName $Computer -Logname 'Application' -oldest -MaxEvents 1
              Write-host "Event logs on $computer goes as far as $($LastEvent.TimeCreated)"
              Try
              {
                  $Events = Get-WinEvent -FilterHashtable $FilterHashProperties -MaxEvents $NumberOfLastEventsToGet -ComputerName $Computer -ErrorAction Stop | Select-Object MachineName, LogName, TimeCreated, LevelDisplayName, ProviderName, ID, Message
                  Foreach ($Event in $Events) {
                      # Replace carriage returns in the message text with '#'
                      If ($Event.Message -ne $null){
                          $Event.Message = $Event.Message.Replace("`r","#")
                      }
                  }
                  Write-host "Found at least $($Events.count) events ! Here are the $NumberOfLastEventsToGet last ones :"
                  $Events | Select-Object -First $NumberOfLastEventsToGet | Format-Table -AutoSize
                  $Events4All += $Events
              }
              Catch
              {
                  # Any error from Get-WinEvent lands here, not only "no matching events"
                  Write-Host "No such events with EventID = $($FilterHashProperties.ID) in the $($FilterHashProperties.LogName) event log on this computer..." -ForegroundColor Green
              }
              Finally
              {
                  Write-Host "OK_"
              }
          }
          Catch
          {
              Write-Host "Error accessing Event Logs of $computer" -ForegroundColor Red
          }
      
         } 
         Else
          {
              # Computer did not answer the ping: skipped, nothing is reported
          }
      
      }
      
      Write-host "Found $($Events4all.count) Events in total ..." -BackgroundColor blue -ForegroundColor yellow
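
Added example, not part of the reply above or of the original script: a collection loop that records which computers were offline and separates "no matching events" from access or other errors, which the posted inner Catch reports under one message. The function name Get-EventsWithStatus, the Reason values and the sample inputs are hypothetical; it assumes PowerShell 3.0 or later and relies on Get-WinEvent's NoMatchingEventsFound error id.

```powershell
# Added example: Get-EventsWithStatus and the Reason values are hypothetical names.
function Get-EventsWithStatus {
    param(
        [string[]]$ComputerName,
        [hashtable]$FilterHashtable,
        [int]$MaxEvents = 30
    )
    $events  = @()   # matching events from every reachable computer
    $skipped = @()   # one record per computer that returned nothing, with the reason

    foreach ($computer in $ComputerName) {
        # ICMP only: a host that drops ping is reported Offline even if RPC would answer.
        if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet)) {
            $skipped += [pscustomobject]@{ Computer = $computer; Reason = 'Offline' }
            continue
        }
        try {
            $events += @(Get-WinEvent -ComputerName $computer -FilterHashtable $FilterHashtable `
                             -MaxEvents $MaxEvents -ErrorAction Stop)
        }
        catch {
            # "No match" carries its own error id; anything else is a real failure.
            $reason = if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                'NoMatchingEvents'
            }
            elseif ($_.Exception -is [System.UnauthorizedAccessException]) {
                'AccessDenied'    # e.g. reading the Security log without sufficient rights
            }
            else {
                "Error: $($_.Exception.Message)"
            }
            $skipped += [pscustomobject]@{ Computer = $computer; Reason = $reason }
        }
    }
    [pscustomobject]@{ Events = $events; Skipped = $skipped }
}

# Constructed sample input: the local machine plus a name under the reserved .invalid TLD.
$result = Get-EventsWithStatus -ComputerName 'localhost', 'offline-host.invalid' `
              -FilterHashtable @{ LogName = 'Security'; ID = 4624 }
$result.Skipped | Format-Table -AutoSize
"Found $($result.Events.Count) events in total"
```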