Problem
You want to retrieve a specific event log entry.
Solution
To retrieve a specific event log entry, use the GetEventLog cmdlet to retrieve the entries in the event log, and then pipe them to the WhereObject cmdlet to filter them to the one you are looking for.
PS >GetEventLog System | WhereObject { $_.Index –eq 2920 }
Index Time Type Source EventID Message
2920 May 06 09:18 Info Service Control M... 7036 The Logical Disk...
Discussion
If you’ve listed the items in an event log or searched it for entries that have a message with specific text, you often want to get more details about a specific event log entry.
Since the GetEventLog cmdlet retrieves rich objects that represent event log entries, you can pipe them to the WhereObject cmdlet for equally rich filtering.
By default, PowerShell’s default table formatting displays a summary of event log entries. If you are retrieving a specific entry, however, you are probably interested in seeing more details about the entry. In this case, use the FormatList cmdlet to format these entries in a more detailed list view, as shown in Example 204.
Example 204. A detailed list view of an event log entry
PS > GetEventLog System | WhereObject { $_.Index –eq 2920 } | >> FormatList >>
Index
: 2920
EntryType
: Information
EventID
: 7036
Message
: The Logical Disk Manager Administrative Service servi
ce entered the stopped state.
Category
: (0)
CategoryNumber
: 0
ReplacementStrings : {Logical Disk Manager Administrative Service, stopped
} Source : Service Control Manager TimeGenerated : 5/6/2007 9:18:25 AM TimeWritten : 5/6/2007 9:18:25 AM UserName :
Index : 2919 (...)
For more information about the GetEventLog cmdlet, type GetHelp GetEventLog.
