powershell - 在结果中只显示一列？

Question

一个简单的问题，但是如何在下面的代码中选择特定的列？

我只想显示 TIME 列，仅此而已。我尝试输入 FORMAT_TABLE TIME 但它只是多次填充 TIME 而没有实际显示时间..

$server_event = Get-Content -Path "c:\Temp\Servers.txt"

foreach($servers in $server_event)
{

$event = Get-EventLog -computerName $servers -logname system | Where-Object {$_.EventID -eq 6009} | Select -First 1

$event

}

结果：我只想显示时间列

   Index Time          EntryType   Source                 InstanceID Message                                                                                     
   ----- ----          ---------   ------                 ---------- -------                                                                                     
   78858 Jun 01 07:19  Information EventLog               2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.                    
   46221 Jun 01 07:20  Information EventLog               2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.                    
  214480 Jun 01 07:46  Information EventLog               2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.                    
  461238 Jun 01 07:18  Information EventLog               2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.                    
   70889 Jun 01 07:17  Information EventLog               2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.                    
   52397 Jun 01 07:19  Information EventLog               2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.                    
   42219 Jun 01 07:40  Information EventLog               2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Uniprocessor Free.

score 12 · Accepted Answer

尝试：

$event = Get-EventLog -computerName $servers -logname system | Where-Object {$_.EventID -eq 6009} | Select TimeGenerated -First 1

score 2 · Accepted Answer

您可以通过查看DotNetTypes.format.ps1xml位于目录中名为 this的文件来了解名称是如何重新格式化的$pshome。

如果您搜索，System.Diagnostics.EventLogEntry您会看到以下内容，其中将 TimeGenerated 格式化为 Time 并显示为 {0:MMM} {0:dd} {0:HH}:{0:mm}：

<View>
    <Name>System.Diagnostics.EventLogEntry</Name>
    <ViewSelectedBy>
        <TypeName>System.Diagnostics.EventLogEntry</TypeName>
    </ViewSelectedBy>

    <TableControl>
        <TableHeaders>
            <TableColumnHeader>
                <Label>Index</Label>
                <Alignment>Right</Alignment>
                <Width>8</Width>
            </TableColumnHeader>
            <TableColumnHeader>
                <Label>Time</Label>
                <Width>13</Width>
            </TableColumnHeader>
            <TableColumnHeader>
                <Label>EntryType</Label>
                <Width>11</Width>
            </TableColumnHeader>
            <TableColumnHeader>
                <Label>Source</Label>
                <Width>20</Width>
            </TableColumnHeader>
            <TableColumnHeader>
                <Label>InstanceID</Label>
                <Alignment>Right</Alignment>
                <Width>12</Width>
            </TableColumnHeader>
            <TableColumnHeader>
                <Label>Message</Label>
            </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
            <TableRowEntry>
                <TableColumnItems>
                    <TableColumnItem>
                        <PropertyName>Index</PropertyName>
                    </TableColumnItem>
                    <TableColumnItem>
                        <PropertyName>TimeGenerated</PropertyName>
                        <FormatString>{0:MMM} {0:dd} {0:HH}:{0:mm}</FormatString>
                    </TableColumnItem>
                    <TableColumnItem>
                        <ScriptBlock>$_.EntryType</ScriptBlock>
                    </TableColumnItem>
                    <TableColumnItem>
                        <PropertyName>Source</PropertyName>
                    </TableColumnItem>
                    <TableColumnItem>
                        <PropertyName>InstanceID</PropertyName>
                    </TableColumnItem>
                    <TableColumnItem>
                        <PropertyName>Message</PropertyName>
                    </TableColumnItem>
                </TableColumnItems>
            </TableRowEntry>
         </TableRowEntries>
    </TableControl>
</View>

因此，您可以使用 TimeGenerated 获取时间列，如下所示：

Get-EventLog -LogName System | select TimeGenerated

powershell - 在结果中只显示一列？

2 回答 2

Related

Reference