locked
Get-WinEvent -FilterHashtable on Windows 2008 x64 RRS feed

  • Question

  • Hi

    I want to filter Evenlog with Powershell 2.0 on a Windows Server 2008 x64 with the following command:

    Get-WinEvent -FilterHashtable @{Logname='application';ID=903}

    When I run the Command in Powershell 2.0 on a Windows Server 2008 I got this error:

    Get-WinEvent : The parameter is incorrect
    At line:1 char:13
    + Get-WinEvent <<<<  -FilterHashtable @{Logname='application';ID=903}
        + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
        + FullyQualifiedErrorId : System.Diagnostics.Eventing.Reader.EventLogException,Microsoft.PowerShell.Commands.GetWinEventCommand

    However when I run the smae command on a Windows Server 2008 R2 it works without error.

    Can someone help me ? Is this a bug or what am I doing wrong ?

    Thx

    J0fe


     

     

    Tuesday, July 6, 2010 11:29 AM

Answers

All replies

  • I'm going to install 2008 now, because all I have is R2.  Can you run $psversiontable on both?
    Tuesday, July 6, 2010 12:19 PM
  • Here are the outputs of $psversiontable.

    $psversiontable from Windows Server 2008 (x64):

    Name                           Value
    ----                           -----
    CLRVersion                     2.0.50727.4200
    BuildVersion                   6.0.6002.18111
    PSVersion                      2.0
    WSManStackVersion              2.0
    PSCompatibleVersions           {1.0, 2.0}
    SerializationVersion           1.1.0.1
    PSRemotingProtocolVersion      2.1

    $psversiontable from Windows Server 2008 R2:

    Name                           Value
    ----                           -----
    CLRVersion                     2.0.50727.4927
    BuildVersion                   6.1.7600.16385
    PSVersion                      2.0
    WSManStackVersion              2.0
    PSCompatibleVersions           {1.0, 2.0}
    SerializationVersion           1.1.0.1
    PSRemotingProtocolVersion      2.1

    Tuesday, July 6, 2010 2:23 PM
  • Ah...  It is a Vista/Server 2008 bug:

    https://connect.microsoft.com/PowerShell/feedback/details/422072/get-winevent-on-vista-does-not-with-vista-x64-using-ctp3

    Read everything.  It's not fixed in Server 2008 SP2.  I don't know when/if it will be...

    • Marked as answer by Marco Shaw Tuesday, July 6, 2010 2:36 PM
    Tuesday, July 6, 2010 2:36 PM
  • Ah ok. That's a pitty :(

    So I have to filter the events with where-object...

    Thanks for your research!

     

    Wednesday, July 7, 2010 6:20 AM
  • Ah ok. That's a pitty :(

    So I have to filter the events with where-object...

    Thanks for your research!

     

    Hey J0fe,

     

    could you please share your script on how to filter events using where-object?

     

    Thanks

    Friday, July 16, 2010 6:31 PM
  • @RajuDada,

    Instead of this:

    Get-WinEvent -FilterHashtable @{Logname='application';ID=903}

    He'd be doing this:

    Get-WinEvent -LogName Application|Where-Object{$_.ID -eq "903"}

    Saturday, July 17, 2010 2:30 AM
  • Was just wondering whether anyone has had an opportunity to test Powershell 3.0 on Vista/2008 to see whether they fixed the FilterHashTable bug?

    Nevermind, looks like it probably won't be released for Vista/08! Le sigh.

    • Edited by vexation Sunday, July 1, 2012 12:03 AM
    Saturday, June 30, 2012 10:55 PM