2

Hello, I am using PowerShell version 5. I am running a command and it is working, but the narrowed search is not returning results.

Get-EventLog System -Newest 5 | where {$_.eventID -eq 1074}

So I thought, oh, I only want to see the last 5 objects that match my filter. It runs but returns no result because in the event log there is no eventID 1074 in the last 5 entries. So I just need to move that parameter to the end. No luck.

Get-EventLog System | where {$_.eventID -eq 1074} | -newest 5

-newest : The term '-newest' is not recognized as the name of a cmdlet, function, script file, or operable program. Check 
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:53
+ Get-EventLog System | where {$_.eventID -eq 1074} | -newest 5
+                                                     ~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-newest:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

So, positioning the -newest after the pipe moves the parameter into a position I think where it is not understood.

Anyone have some advice on how I can approach thinking about this that will help me out in the future?

4

2 Answers

3

To limit the filtered results to at most 5 events, you must use Select-Object -First 5 in a final pipeline segment:

Get-EventLog System | Where-Object { $_.eventID -eq 1074 } | Select-Object -First 5

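-Newest <n> is a parameter specific to Get-EventLog, which unconditionally returns the first <n> entries, regardless of their content.

There is no common parameter across cmdlets that offers similar functionality, but there is the general-purpose Select-Object cmdlet, which allows selecting up to <n> objects from its input via -First <n>.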

Answered 2018-11-08T02:45:56.900
2

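Here is a possibly faster way to get the info you want. It uses Get-WinEvent instead of Get-EventLog and also uses the -FilterHashtable parameter to let the event system do some of the filtering.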

#requires -RunAsAdministrator

$FilterHash = @{
    Logname = 'System'
    ID = 1074
    StartTime = (Get-Date).AddDays(-20)
    }
Get-WinEvent -FilterHashtable $FilterHash -MaxEvents 20

This is usually faster than using Get-EventLog. [grin]

Here is an article on these ideas ...

Use FilterHashTable to Filter Event Log with PowerShell – Hey, Scripting Guy! Blog
https://blogs.technet.microsoft.com/heyscriptingguy/2014/06/03/use-filterhashtable-to-filter-event-log-with-powershell/

Answered 2018-11-08T03:07:06.237
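
The two answers above combined into one reusable function, as an added example that is not part of either original answer: the event log service does the filtering, -MaxEvents limits the matches, and the case where nothing matches is handled. The function name Get-RecentSystemEvent and its parameter names are hypothetical.

```powershell
# Added example; Get-RecentSystemEvent and its parameters are hypothetical names.
function Get-RecentSystemEvent {
    [CmdletBinding()]
    param(
        [int]    $Id       = 1074,     # event ID from the question
        [int]    $Count    = 5,        # number of matching events to return
        [int]    $DaysBack = 20,       # look-back window, as in the second answer
        [string] $LogName  = 'System'
    )

    # Keys understood by Get-WinEvent -FilterHashtable.
    $filter = @{
        LogName   = $LogName
        Id        = $Id
        StartTime = (Get-Date).AddDays(-$DaysBack)
    }

    try {
        # The filter is applied first and -MaxEvents caps the matches
        # (newest first by default), so this is "filter, then take N",
        # unlike Get-EventLog -Newest, which takes N before any filtering.
        Get-WinEvent -FilterHashtable $filter -MaxEvents $Count -ErrorAction Stop |
            Select-Object TimeCreated, Id, ProviderName, Message
    }
    catch {
        # Get-WinEvent raises an error instead of returning nothing
        # when no event matches the filter.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "No events with ID $Id in '$LogName' in the last $DaysBack days."
            return
        }
        throw   # anything else (access denied, bad log name) is a real failure
    }
}

# Pipeline form from the first answer, for comparison (filter, then limit):
# Get-EventLog System | Where-Object { $_.EventID -eq 1074 } | Select-Object -First 5

Get-RecentSystemEvent -Id 1074 -Count 5 -Verbose | Format-List
```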