
Find Event Log Entries with Specific Text

Problem

You want to retrieve all event log entries that contain a given term.

Solution

To find specific event log entries, use the Get-EventLog cmdlet to retrieve the items, and then pipe them to the Where-Object cmdlet to filter them, as shown in Example 202.

Example 202. Searching the event log for entries that mention the term “disk”

PS >Get-EventLog System | Where-Object { $_.Message -match "disk" }

Index Time         Type Source                EventID Message
 2920 May 06 09:18 Info Service Control M...     7036 The Logical Disk...
 2919 May 06 09:17 Info Service Control M...     7036 The Logical Disk...
 2918 May 06 09:17 Info Service Control M...     7035 The Logical Disk...
 2884 May 06 00:28 Erro sr                          1 The System Resto...
 2333 Apr 03 00:16 Erro Disk                       11 The driver detec...
 2332 Apr 03 00:16 Erro Disk                       11 The driver detec...
 2131 Mar 27 13:59 Info Service Control M...     7036 The Logical Disk...
 2127 Mar 27 12:48 Info Service Control M...     7036 The Logical Disk...
 2126 Mar 27 12:48 Info Service Control M...     7035 The Logical Disk...
 2123 Mar 27 12:31 Info Service Control M...     7036 The Logical Disk...
 2122 Mar 27 12:29 Info Service Control M...     7036 The Logical Disk...
 2121 Mar 27 12:29 Info Service Control M...     7035 The Logical Disk...

Discussion

Since the Get-EventLog cmdlet retrieves rich objects that represent event log entries, you can pipe them to the Where-Object cmdlet for equally rich filtering.

By default, PowerShell’s table formatting displays a summary of event log entries. If you are searching the event log message, however, you are probably interested in seeing more details about the message itself. In this case, use the Format-List cmdlet to format these entries in a more detailed list view. Example 203 shows this view.

Example 203. A detailed list view of an event log entry

PS >Get-EventLog System | Where-Object { $_.Message -match "disk" } |
>>     Format-List
>>

Index              : 2920
EntryType          : Information
EventID            : 7036
Message            : The Logical Disk Manager Administrative Service servi
                     ce entered the stopped state.
Category           : (0)
CategoryNumber     : 0
ReplacementStrings : {Logical Disk Manager Administrative Service, stopped
                     }
Source             : Service Control Manager
TimeGenerated      : 5/6/2007 9:18:25 AM
TimeWritten        : 5/6/2007 9:18:25 AM
UserName           :

Index              : 2919
(...)

For more information about the Get-EventLog cmdlet, type Get-Help Get-EventLog.
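The -match operator used above treats the search term as a case-insensitive regular expression, so a term containing characters such as "." or "\" needs escaping to be matched literally. The following is an added example, not code from the original page: Find-EventLogText and its parameters are hypothetical names, and it assumes Windows PowerShell, where Get-EventLog is available.

```powershell
# Added example: Find-EventLogText is a hypothetical helper, not a built-in cmdlet.
function Find-EventLogText {
    param(
        [Parameter(Mandatory = $true)][string] $Text,
        [string[]] $LogName = @('System', 'Application'),
        [datetime] $After = (Get-Date).AddDays(-7),
        [switch] $Regex   # treat $Text as a regular expression instead of a literal
    )

    # -match interprets its right-hand side as a regular expression, so a
    # literal term such as "C:\Windows" or "svc.exe" is escaped first.
    $pattern = if ($Regex) { $Text } else { [regex]::Escape($Text) }

    foreach ($log in $LogName) {
        try {
            # -After narrows the entries before Where-Object scans the messages.
            Get-EventLog -LogName $log -After $After -ErrorAction Stop |
                Where-Object { $_.Message -match $pattern } |
                Select-Object @{ Name = 'Log'; Expression = { $log } },
                    TimeGenerated, EntryType, Source, EventID, Message
        }
        catch {
            # Surface unreadable or empty logs instead of hiding them.
            Write-Warning "${log}: $($_.Exception.Message)"
        }
    }
}

# Literal search of the System log over the last 30 days.
$hits = @(Find-EventLogText -Text 'disk' -LogName System -After (Get-Date).AddDays(-30))

# Count matches per source and event ID to see which events dominate.
$hits | Group-Object Source, EventID |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Show the full message text for error entries only.
$hits | Where-Object { $_.EntryType -eq 'Error' } |
    Format-List Log, TimeGenerated, Source, EventID, Message
```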
