
Get-EventLog: Querying Windows Event Logs with PowerShell

The “Get-EventLog” cmdlet in PowerShell gets the event logs, and the events in them, on a local or remote computer. Log events help in finding the cause of a problem that has occurred, which assists in diagnosing the problem and finding a solution. It is available on all PowerShell versions except the latest version, 7. On PowerShell version 7, the “Get-WinEvent” cmdlet is used as a “Get-EventLog” substitute.

This write-up is a guide to the “Get-EventLog” cmdlet.

How to Use “Get-EventLog” Cmdlet in PowerShell to Get Windows Event Logs?

The “Get-EventLog” cmdlet gets event logs and the events in them. By default, it queries the local computer. To get the event logs from a remote computer, use the “-ComputerName” parameter. Parameters and property values can also be used to narrow the search to specific events.

Example 1: Get the List of Event Logs on the Local Computer

This example will retrieve the list of event logs available on the local computer:

Get-EventLog -List

According to the above code:

  • First, the “Get-EventLog” cmdlet is used, and then the “-List” parameter is added to display the event logs on the computer as a list.

Example 2: Get the Recent Entries From a Specific Event Log

Now, retrieve the most recent entries from an event log:

Get-EventLog -LogName System -Newest 7

According to the above code:

  • First, add the “Get-EventLog” cmdlet along with the “-LogName” parameter, and assign it the value “System” to read from the System event log.
  • After that, specify the “-Newest” parameter and assign the value “7” to fetch the seven most recent entries.

Example 3: Get the Detailed Information of a Single Event From the Application Log

You can also inspect the properties and methods available on an entry in the Application log:

Get-EventLog application -newest 1 | Get-Member

According to the above code:

  • First, add the “Get-EventLog” cmdlet, then specify “application” to read from the Application log.
  • Then, define the “-newest” parameter and assign the value “1” to it to get the single most recent entry in that log.
  • Lastly, use the “|” pipeline to pass the output of the previous cmdlet to the next one, and add “Get-Member” to list the properties and methods of the returned object.

Example 4: Get the Single Error Log Using Specified Index

This demonstration will help retrieve the system error log using a specific index:

Get-EventLog -LogName System -EntryType Error -Index 450

In the above-stated code:

  • First, add the “Get-EventLog” cmdlet.
  • After that, specify the “-LogName” parameter and assign the “System” value to it.
  • Then, add the “-EntryType” parameter and assign the “Error” value.
  • Lastly, define the “-Index” parameter and assign the index number as “450”.
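
The following added example (not code from the original article) wraps the queries from Examples 2 and 4 in one function that uses “Get-EventLog” where it exists and falls back to “Get-WinEvent” on PowerShell 7. The function name Get-RecentLogEntry and its output property names are assumptions made for this illustration:

```powershell
# Added example: Get-RecentLogEntry is a hypothetical helper, not a built-in cmdlet.
function Get-RecentLogEntry {
    [CmdletBinding()]
    param(
        [string]$LogName = 'System',
        [ValidateSet('Error', 'Warning', 'Information')]
        [string]$EntryType = 'Error',
        [ValidateRange(1, 1000)]
        [int]$Newest = 7,
        [string]$ComputerName   # omit to query the local computer
    )

    # Pass -ComputerName through only when the caller supplied one.
    $remote = @{}
    if ($ComputerName) { $remote.ComputerName = $ComputerName }

    if (Get-Command -Name Get-EventLog -ErrorAction SilentlyContinue) {
        # Windows PowerShell: same parameters as Examples 2 and 4.
        Get-EventLog -LogName $LogName -EntryType $EntryType -Newest $Newest @remote |
            Select-Object @{ Name = 'Time';  Expression = { $_.TimeGenerated } },
                          @{ Name = 'Level'; Expression = { [string]$_.EntryType } },
                          @{ Name = 'Source'; Expression = { $_.Source } },
                          @{ Name = 'Id';    Expression = { $_.EventID } },
                          Message
    }
    else {
        # PowerShell 7: Get-WinEvent filters on numeric levels instead of entry types.
        # Some providers log informational events at level 0, so both are requested.
        $levels = @{ Error = 2; Warning = 3; Information = 0, 4 }
        $filter = @{ LogName = $LogName; Level = $levels[$EntryType] }
        try {
            Get-WinEvent -FilterHashtable $filter -MaxEvents $Newest -ErrorAction Stop @remote |
                Select-Object @{ Name = 'Time';  Expression = { $_.TimeCreated } },
                              @{ Name = 'Level'; Expression = { $_.LevelDisplayName } },
                              @{ Name = 'Source'; Expression = { $_.ProviderName } },
                              @{ Name = 'Id';    Expression = { $_.Id } },
                              Message
        }
        catch {
            # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
        }
    }
}

# Seven most recent errors in the System log, in the same shape on either version.
Get-RecentLogEntry -LogName System -EntryType Error -Newest 7 | Format-Table -AutoSize
```

Reading the Security log with either cmdlet requires an elevated (administrator) session.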

That was all about getting the event log in PowerShell.

Conclusion

The “Get-EventLog” cmdlet in PowerShell gets the event logs related to security, system, or application. Its parameters and property values are used to narrow the results to a customized set of events. This blog has elaborated on the “Get-EventLog” cmdlet with several examples.

About the author

Muhammad Farhan

I am a Computer Science graduate and now a technical writer who loves to provide the easiest solutions to the most difficult problems related to Windows, Linux, and Web designing. My love for Computer Science emerges every day because of its ease in our everyday life.