This forum is closed. Thank you for your contributions.

Remove From My Forums

Powershell Message Event Log Search FilterHashTable

Question
0

Sign in to vote
I am using PowerShell to sift through my event log in event viewer. The challenge is to locate specific character sets inside the message detail and to display both the events with those character sets and the individual character sets themselves. Right now, I have the following:

Get-WinEvents -FilterHashTable @{LogName="Application", id=1035} -MaxEvents 10 | where {$_.message -like "*Visual C++*"}

This script will return the events that have messages with Visual C++ inside, however, there are sets of about 7 characters after that ranging in letter and number. I need to extract those 7 characters and print them exclusively. Thank you for all help.
- Moved by Bill_Stewart Tuesday, October 11, 2016 6:55 PM Abandoned
Tuesday, August 30, 2016 2:06 PM

All replies

0

Sign in to vote

Look at the "Properties" property. It will be one of those.

Get-WinEvents -FilterHashTable @{LogName="Application", id=1035} -MaxEvents 10 |
where {$_.message -like "*Visual C++*"} |
%{ $_.Properties }

Find one and count the property number $_.Properties[0] or whatever it turns out to be
\_(ツ)_/

Tuesday, August 30, 2016 3:08 PM