Microsoft Sr. Technical Writer Kim Ditto-Ehlert demonstrates in this 4 minute video how to get the most recent version of the Windows PowerShell 3.0 help files (including examples) from the web. This is particularly useful for Windows Server "8" Beta installations.

Includes the handy -force parameter which allows you to check for new help information more than once per 24 hours.

To see the examples for a cmdlet, type:

       help <cmdlet> -examples

Where <cmdlet> is the name of the cmdlet you are interested in.
This ability to update help with new content is new in PowerShell 3.0

During the period before final release, you should update help often to get developing example text. For example, see the command Help Get-EventLog -Examples results:




    Gets the events in an event log, or a list of the event logs, on the local or remote computers.

         -------------------------- EXAMPLE 1 --------------------------

         C:\PS>get-eventlog -list



    This command displays information about the event logs on the computer.

          -------------------------- EXAMPLE 2 --------------------------

         C:\PS>get-eventlog -newest 5 -logname application



    This command displays the five most recent entries in the Application event log.

      -------------------------- EXAMPLE 3 --------------------------

      C:\PS>$events = get-eventlog -logname system -newest 1000

      C:\PS> $events | group-object -property source -noelement | sort-object -property count -descending

      Count Name

    ----- ----

       75 Service Control Manager

       12 Print

        6 UmrdpService

        2 DnsApi

        2 DCOM

        1 Dhcp

        1 TermDD

        1 volsnap



    This example shows how to find all of the sources that are represented in the 1000 most recent entries in the System event log.

    The first command gets the 1,000 most recent entries from the System event log and stores them in the $events variable. 

    The second command uses a pipeline operator (|) to send the events in $events to the Group-Object cmdlet, which groups the entries by the value of the Source property. The command uses a second pipeline operator to send the grouped events to the Sort-Object cmdlet, which sorts them in descending order, so the most frequently appearing source is listed first.

    Source is just property of event log entries. To see all of the properties of an event log entry, pipe the events to the Get-Member cmdlet.

     -------------------------- EXAMPLE 4 --------------------------

     C:\PS>get-eventlog -logname System -EntryType Error



    This command gets only error events from the System event log.

     -------------------------- EXAMPLE 5 --------------------------

    C:\PS>get-eventlog -logname System -instanceID 3221235481 -Source "DCOM"



    This command gets events from the System log that have an InstanceID of 3221235481 and a Source value of "DCOM."

     -------------------------- EXAMPLE 6 --------------------------

    C:\PS>get-eventlog -logname "Windows PowerShell" -computername localhost, Server01, Server02



  This command gets the events from the "Windows PowerShell" event log on three computers, Server01, Server02, and the local computer, known as "localhost".

   -------------------------- EXAMPLE 7 --------------------------

  C:\PS>get-eventlog -logname "Windows PowerShell" -message "*failed*"



  This command gets all the events in the Windows PowerShell event log that have a message value that includes the word "failed".

  -------------------------- EXAMPLE 8 --------------------------

  C:\PS>$a = get-eventlog -log System -newest 1

  C:\PS> $a | format-list -property *

   EventID            : 7036

    MachineName        : Server01

    Data               : {}

    Index              : 10238

    Category           : (0)

    CategoryNumber     : 0

    EntryType          : Information

    Message            : The description for Event ID

    Source             : Service Control Manager

    ReplacementStrings : {WinHTTP Web Proxy Auto-Disco

    InstanceId         : 1073748860

    TimeGenerated      : 4/11/2008 9:56:05 PM

    TimeWritten        : 4/11/2008 9:56:05 PM

    UserName           :

    Site               :

    Container          :



    This example shows how to display all of the property values of an event. 

    The first command gets the newest event from the System event log and saves it in the $a variable. 

   The second command uses a pipeline operator (|) to send the event in $a to the Format-List command, which displays  all (*) of the event properties.

    -------------------------- EXAMPLE 9 --------------------------

    C:\PS>get-eventlog -log application -source outlook | where {$_.eventID -eq 34}



This command gets events in the Application event log where the source is Outlook and the event ID is 34. Even though Get-EventLog does not have an EventID parameter, you can use the Where-Object cmdlet to select events based on the value of any event property.

  -------------------------- EXAMPLE 10 --------------------------

 C:\PS>get-eventlog -log system -username NT* | group-object -property username -noelement | format-table Count, Name -auto

  Count Name

    ----- ----






    This command returns the events in the system log grouped by the value of  their UserName property. The Get-EventLog command uses the UserName parameter to get only events in which the user name begins with "NT*".

 -------------------------- EXAMPLE 11 --------------------------

    C:\PS>$May31 = get-date 5/31/08

    C:\PS> $July1 = get-date 7/01/08

    C:\PS> get-eventlog -log "Windows PowerShell" -entrytype Error -after $may31 -before $july1



    This command gets all of the errors in the Windows PowerShell event log that occurred in June 2008.

Community Resources


See Also