none
Using INVOKE-COMMAND to make my script run quicker RRS feed

  • Question

  • I've been asked to check all servers in our domain for the event id 5000 and report back as to when & where the events ocurred.

    The script is currently running, although really slow. The slowest part is this line:

    PS C:\Users\jmilano> $computerName = "MyServerName"
    PS C:\Users\jmilano> measure-command { $EventsList = Get-WinEvent -Provider "McLogEvent" -Computername $ComputerName | Where-Object {$_.ID -eq 5000} | Select-Object -First 10 }


    Days              : 0
    Hours             : 0
    Minutes           : 0
    Seconds           : 1
    Milliseconds      : 167
    Ticks             : 11678102
    TotalDays         : 1.35163217592593E-05
    TotalHours        : 0.000324391722222222
    TotalMinutes      : 0.0194635033333333
    TotalSeconds      : 1.1678102
    TotalMilliseconds : 1167.8102



    PS C:\Users\jmilano> $EventsList[0]


       ProviderName: McLogEvent

    TimeCreated                     Id LevelDisplayName Message
    -----------                     -- ---------------- -------
    12/12/2017 2:11:46 AM         5000 Information      McShield service started....

    My collegue advised to use the INVOKE-COMMAND so that the script runs mostly on the remote server and only the resulting values which you need are sent back to your computer thus making the script run quicker. So I tried that:

    PS C:\Users\jmilano> measure-command { $EventsList = invoke-command -Computer $ComputerName -Scriptblock { Get-WinEvent -Provider "McLogEvent" | Where-Object {$_.ID -eq 5000} | Sel
    ect-Object -First 10 }}
    
    
    Days              : 0
    Hours             : 0
    Minutes           : 0
    Seconds           : 1
    Milliseconds      : 382
    Ticks             : 13828268
    TotalDays         : 1.60049398148148E-05
    TotalHours        : 0.000384118555555556
    TotalMinutes      : 0.0230471133333333
    TotalSeconds      : 1.3828268
    TotalMilliseconds : 1382.8268
    

    Seems that the INVOKE-COMMAND takes longer to run?


    | +-- JDMils |

    Tuesday, December 12, 2017 3:46 AM

Answers

  • Invoke-command doesn't change anything.  The command runs on the remote server.  It runs a query under WMI ON the remote server.  Tell your friend that he needs to learn how WMI works.

    Invoke=Command takes longer because remoting takes longer to set up and can return results very much slower.

    To use "select -First 10 only slow things down more.

    This would be the fastest by a magnitude or more and all of it executes remotely.

    $filter = @{
        ProviderName='McLogEvent'
        ID=5000
    }
    $Events = Get-WinEvent -MaxEvents 10 -FilterHashTable $filter -Computername $ComputerName
    help Get-WinEvent -online


    \_(ツ)_/



    • Edited by jrv Tuesday, December 12, 2017 4:21 AM
    • Marked as answer by JDMils1968 Tuesday, December 12, 2017 10:53 PM
    Tuesday, December 12, 2017 4:20 AM