Contact Info

Crumbtrail

ActiveXperts.com » Administration » Powershell » Powershell 3.0 » Get-WinEvent

Get-WinEvent - Powershell 3.0 CmdLet

ActiveXperts Network Monitor ships with integrated Powershell scripts to monitor complex network. The scripts run out of the box
Download the ActiveXperts Network Monitor FREE version now »

Get-WinEvent

Short description
Gets events from event logs and event tracing log files on local and remote computers.

Syntax
Get-WinEvent [[-LogName] <String[]>] [-ComputerName <String>] [-Credential <PSCredential>] [-FilterXPath <String>] [-Fo
rce [<SwitchParameter>]] [-MaxEvents <Int64>] [-Oldest [<SwitchParameter>]] [<CommonParameters>]
Get-WinEvent [-ListProvider] <String[]> [-ComputerName <String>] [-Credential <PSCredential>] [<CommonParameters>]
Get-WinEvent [-ProviderName] <String[]> [-ComputerName <String>] [-Credential <PSCredential>] [-FilterXPath <String>] [
-Force [<SwitchParameter>]] [-MaxEvents <Int64>] [-Oldest [<SwitchParameter>]] [<CommonParameters>]
Get-WinEvent [-ListLog] <String[]> [-ComputerName <String>] [-Credential <PSCredential>] [-Force [<SwitchParameter>]] [
<CommonParameters>]
Get-WinEvent [-FilterHashtable] <Hashtable[]> [-ComputerName <String>] [-Credential <PSCredential>] [-Force [<SwitchPar
ameter>]] [-MaxEvents <Int64>] [-Oldest [<SwitchParameter>]] [<CommonParameters>]
Get-WinEvent [-FilterXml] <XmlDocument> [-ComputerName <String>] [-Credential <PSCredential>] [-MaxEvents <Int64>] [-Ol
dest [<SwitchParameter>]] [<CommonParameters>]
Get-WinEvent [-Path] <String[]> [-Credential <PSCredential>] [-FilterXPath <String>] [-MaxEvents <Int64>] [-Oldest [<Sw
itchParameter>]] [<CommonParameters>]





Description
The Get-WinEvent cmdlet gets events from event logs, including classic logs, such as the System and Application logs, a
nd the event logs that are generated by the Windows Event Log technology introduced in Windows Vista. It also gets even
ts in log files generated by Event Tracing for Windows (ETW).


Without parameters, a Get-WinEvent command gets all the events from all the event logs on the computer. To interrupt th
e command, press CTRL + C.


Get-WinEvent also lists event logs and event log providers. You can get events from selected logs or from logs generate
d by selected event providers. And, you can combine events from multiple sources in a single command. Get-WinEvent allo
ws you to filter events by using XPath queries, structured XML queries, and simplified hash-table queries.