2

在交互模式下,这有效:

Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error

现在我想过滤掉某些消息,以下没有过滤所需的词:

Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error | where-object  {$_.$Message -notlike "*Monitis*"}

另外,如何在 where-object 上设置多个条件?

在我的脚本中,我在 -and 语句上遇到错误:

$getEventLog = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error 
# list of events to exclude 
$getEventLogFiltered = $getEventLog | where-object {$_.Message -notlike "Monitis*" 
                                       -and $_.Message -notlike "*MQQueueDepthMonitor.exe*"
                                       }
$tableFragment = $getEventLogFiltered | ConvertTo-Html -fragment

错误:

-and : The term '-and' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At D:\scripts\EventLogExtract2.ps1:24 char:40
+                                        -and $_.Message -notlike "*MQQueueDepthMo ...
+                                        ~~~~
4

2 回答 2

4

在您的第二个代码片段中,删除“消息”之前的美元符号。读法如下。如果您使用的是 PowerShell ISE,您会看到“消息”应该是黑色而不是红色。

Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error | where-object  {$_.Message -notlike "*Monitis*"}

对于第三个代码片段,我在 Where-Object 过滤器中开始换行之前放置了一个重音。这告诉 PowerShell 您正在继续一行而不是开始一个新行。此外,在 PowerShell ISE 中,比较运算符(-和 & -notlike)从蓝色和黑色变为灰色。

$getEventLog = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error 
# list of events to exclude 
$getEventLogFiltered = $getEventLog | where-object {$_.Message -notlike "Monitis*" `
                                       -and $_.Message -notlike "*MQQueueDepthMonitor.exe*"
                                       }
$tableFragment = $getEventLogFiltered | ConvertTo-Html -fragment
于 2013-06-25T16:29:12.403 回答
0

日期简化: ((get-date).addMinutes($minutes*-1))具有相同的输出 ((get-date).addMinutes(-1)) 和相同的输出 (get-date).addMinutes(-1)

我也发现addDays(-1)它更有用。

于 2015-10-02T13:23:42.130 回答