How to get the event logs within 24 hours using Get-WinEvent

  • Question

  • Hi Team,

    I need to get the Windows logs using Get-WinEvent within 24 hours. I am using the command below. Can someone please help me with where I can include a date and time range here?

    Note: I am using a few variables according to my requirement.

     
    Get-WinEvent $evs -ComputerName $computer | Where-Object {($_.Message -match "$sname") -or ($_.ID -match "$sname")} | Select-Object MachineName,ID,TimeCreated,Message
    

    Monday, January 22, 2018 11:36 AM

Answers

  • Try this:

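    # $args is a PowerShell automatic variable, so the hashtable gets its own name
    $filterArgs = @{}
    $filterArgs.Add("StartTime", ((Get-Date).AddHours(-24)))
    $filterArgs.Add("EndTime", (Get-Date))
    $filterArgs.Add("LogName", "Application")

    Get-WinEvent -FilterHashtable $filterArgs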

    Monday, January 22, 2018 11:48 AM
  • Here is an easier way with faster results.

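    $filter = @{
        LogName   = 'Application'
        ID        = 100, 200, 300            # ... (continue with the event IDs you need)
        Data      = $sname                   # matched against the event's EventData values
        StartTime = [datetime]::Today.AddDays(-1)   # midnight yesterday
        EndTime   = [datetime]::Today               # midnight today
    }
    Get-WinEvent -FilterHashtable $filter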
    

    This is faster than using "Where".


    \_(ツ)_/

    Monday, January 22, 2018 1:26 PM
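
The two answers above, combined with the original command's remote query and message match, as an added example that is not code from any poster in this thread. It uses a rolling window (now minus 24 hours) rather than midnight to midnight, filters time and ID in `-FilterHashtable`, and treats "no matching events" as an empty result instead of an error. `Get-RecentEvent`, its parameter names and the sample value of `$sname` are hypothetical.

```powershell
# Added example; Get-RecentEvent and its parameters are hypothetical names.
function Get-RecentEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [string] $LogName = 'Application',
        [int[]]  $Id,               # optional event IDs, filtered by the event log service
        [string] $MessagePattern,   # optional regex, applied client-side to the rendered message
        [int]    $Hours = 24
    )

    # Rolling window: now minus $Hours. [datetime]::Today would start at midnight instead.
    $filter = @{
        LogName   = $LogName
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    if ($Id) { $filter.ID = $Id }

    foreach ($computer in $ComputerName) {
        try {
            Get-WinEvent -FilterHashtable $filter -ComputerName $computer -ErrorAction Stop |
                Where-Object { -not $MessagePattern -or $_.Message -match $MessagePattern } |
                Select-Object MachineName, Id, TimeCreated, Message
        }
        catch {
            # Get-WinEvent raises an error when nothing matches; report it as an empty result.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                Write-Verbose "No matching events on $computer"
            }
            else {
                Write-Warning "Query failed on ${computer}: $($_.Exception.Message)"
            }
        }
    }
}

# Constructed usage: last 24 hours of Application events whose message mentions $sname.
$sname = 'MyService'   # placeholder value
Get-RecentEvent -ComputerName $env:COMPUTERNAME -MessagePattern ([regex]::Escape($sname))
```
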

All replies

  • Thanks Toby. I have customized it according to my requirement using the above hash table.
    Monday, January 22, 2018 1:15 PM
  • That's really Awesome...
    Monday, January 22, 2018 1:43 PM