none
Help selecting objects in powershell RRS feed

  • Question

  • I found a great powershell script to backup eventlogs on your site here: BackUpAndClearEventLogs.ps1

    I have to make some modifications though and I'm stuck on the following line of code to select only the three eventlogs that I want to backup by default. The original line of code just gets all of the event logs for a given computer. I need just the Application, Security, and System logs.

    So this kind of does what I want but the results are just BOOLEAN true and false, but I need the actual objects. What's the easiest way to understand what's going on?

    Original line in script:

    $Eventlogs = Get-WmiObject -Class Win32_NTEventLogFile -ComputerName $computer

    And my attempt at making the change:

    $keyeventlogs = $eventlogs | Where {($_ -like "Security") -or ($_ -like "Application") -or ($_ -like "System")}

    Wednesday, April 27, 2016 7:27 PM

Answers

  • I would use the -Filter parameter to specify a WQL filter string.


    Get-WmiObject Win32_NTEventLogFile -Filter '(LogfileName="Application") OR (LogfileName="System")'



    -- Bill Stewart [Bill_Stewart]

    Wednesday, April 27, 2016 7:46 PM
    Moderator

All replies

  • I would use the -Filter parameter to specify a WQL filter string.


    Get-WmiObject Win32_NTEventLogFile -Filter '(LogfileName="Application") OR (LogfileName="System")'



    -- Bill Stewart [Bill_Stewart]

    Wednesday, April 27, 2016 7:46 PM
    Moderator
  • Bill, that worked great. I don't know why I'm not able to pick up on the differences in these commands yet. Thanks for your help though. 
    Wednesday, April 27, 2016 8:29 PM
  • With PowerShell, you should always start with the built-in help. Lots of good information there.

    Also look up examples using a search engine.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, April 27, 2016 8:52 PM
    Moderator