locked
Get-WinEvent by Date and Export RRS feed

  • Question

  • I have attempted the following with a stop on

    Get-WinEvent -FilterHashtable @{LogName='System';StartTime=$StartTime=Get-Date -Year 2018 -Month 6 -Day 1 -Hour 00 -Minute 00;EndTime=$EndTime=Get-Date -Year 2018 -Month 7 -Day 15 -Hour 23 -Minute 59}

    Returns StartTime=GetDate is not recognized for some reason that is unknown to me.  Should it be StartTime=Get-Date?

    I can run this successfully, but need to pipe the export. How do i get it to export as .evtx? > although .csv will do .

    Get-WinEvent -FilterHashtable @{LogName=’Application’}

    $now = Get-Date
    $then =  (Get-Date).AddDays(-31)
    Get-WinEvent -FilterHashtable @{Logname=’application’;StartTime=$then;EndTime=$now} | Export-Clixml 'C:\applicationlogs.xml'


    MalcolmL

    Wednesday, July 18, 2018 10:22 PM

All replies

  • You need to use the command line to do this.

    wevtutil | Out-Gridview

    Follow the instructions for exporting


    \_(ツ)_/

    Wednesday, July 18, 2018 10:43 PM
  • thanks i will give it a try

    MalcolmL

    Wednesday, July 18, 2018 10:56 PM