none
Time and EntryType field not imported into SQL server properly RRS feed

  • Question

  • I am using the following script to import event log into a SQL table.  All fields came through fine except "Time" is showing all NULL and "EntryType" is showing a numeric value instead of the actual description.   Is there any way I can get the "Time" field and the actual "EntryType" description properly ?

    $dt = get-eventlog -logname application -newest 50 | select-object index,Time,EntryType,Source,InstanceID,Message | Out-DataTable

    Write-DataTable -ServerInstance $ServerInstance -Database $Database -TableName 'application_log' -Data $dt

    Thanks!

    Friday, September 30, 2016 4:08 PM

Answers

  • Get-EventLog -LogName application -Newest 1 | gm

    This gets all available members and the data types.


    \_(ツ)_/

    • Marked as answer by ating28 Friday, September 30, 2016 6:27 PM
    Friday, September 30, 2016 5:38 PM
  • If you are not using WS2003  or earlier then you should be using this command:

    Get-WinEvent -LogName application -MaxEvents 1


    \_(ツ)_/

    • Marked as answer by ating28 Friday, September 30, 2016 6:27 PM
    Friday, September 30, 2016 5:40 PM

All replies

  • There is no "Time" property on an Event record. "TimeCreated"? 

    "EntryType" is a numeric enum:

     Get-EventLog -LogName application -Newest 1|select @{n='entrytype';e={"$($_.EntryType)"}}


    \_(ツ)_/

    Friday, September 30, 2016 4:19 PM
  • Okay. this is interesting. When I run this script, "Time" is shown at the header in power shell.  I was under the assumption that the field listed is the same field name.   Is there a mapping where I can find the actual field name to use ?  Thanks.

    Windows PowerShell
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    PS V:\> get-eventlog -logname application -newest 50

       Index Time          EntryType   Source                 InstanceID Message
       ----- ----           ---------   ------                 ---------- -------
        4370 Sep 30 11:08  Information Desktop Window Ma...   1073750833 The Desktop Window Manager has exited with code..
        4369 Sep 30 08:08  Error       AutoEnrollment         1073741830 The description for Event ID '1073741830' in So..
        4368 Sep 30 08:08  Error       CertEnroll             3260678157 The description for Event ID '-1034289139' in S..
        4367 Sep 30 08:08  Error       CertEnroll             2186936402 The description for Event ID '-2108030894' in S..
    Friday, September 30, 2016 5:33 PM
  • Get-EventLog -LogName application -Newest 1 | gm

    This gets all available members and the data types.


    \_(ツ)_/

    • Marked as answer by ating28 Friday, September 30, 2016 6:27 PM
    Friday, September 30, 2016 5:38 PM
  • If you are not using WS2003  or earlier then you should be using this command:

    Get-WinEvent -LogName application -MaxEvents 1


    \_(ツ)_/

    • Marked as answer by ating28 Friday, September 30, 2016 6:27 PM
    Friday, September 30, 2016 5:40 PM