Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

searching for a certain eventlog problem

1 view
Skip to first unread message

don5

unread,
Dec 5, 2007, 6:14:02 AM12/5/07
to
Hi all

i used the following command :

get-eventlog -logname application|where-object {$_.timegenerated -gt
"01/12/2007"}| findstr "Enrollment will not be performed" >c:\event.txt

all i want to do is to search inside my event viewer in the application log
for the logs which are greather then the first of december and that have the
following string "Enrollment will not be performed"inside the logs. and then
put this log inside a text file .

the problem is that i get many logs but some of them dont have this string
at all and the powershell put them in my text file as well.

someone know what i did wrong ?

tnx

Shay Levi

unread,
Dec 5, 2007, 7:21:10 AM12/5/07
to
Hi Don5

Try with standard redirection

get-eventlog -logname application| where-object {$_.timegenerated -gt "01/12/2007"

-and $_.message -match "Enrollment will not be performed"} > c:\events.txt


or pipe to out-file cmdlet

get-eventlog -logname application| where-object {$_.timegenerated -gt "01/12/2007"

-and $_.message -match "Enrollment will not be performed"} | Out-File -FilePath
c:\events.txt -Encoding ASCII


-----
Shay Levi
$cript Fanatic
http://scriptolog.blogspot.com
Hebrew weblog: http://blogs.microsoft.co.il/blogs/scriptfanatic

Shay Levi

unread,
Dec 5, 2007, 7:27:33 AM12/5/07
to
BTW, I can't tell if your date format if MM/dd/yyyy or dd/MM/yyyy.
So, to avoid dates mismatches I suggest to use the get-date cmdlet:

$date = get-date -year 2007 -month 12 -day 1
get-eventlog -logname application | where {$_.timegenerated -gt $date -and
$_.message -match "Enrollment will not be performed"}...

don5

unread,
Dec 5, 2007, 8:07:02 AM12/5/07
to
hi shay , what you wrote helped me . tnx .

but i have one more problem . you wrote in the line here the word "and"


get-eventlog -logname application| where-object {$_.timegenerated -gt
"01/12/2007"
-and $_.message -match "Enrollment will not be performed"} > c:\events.txt

after running this command , he doesnt recognize the command "and"

any idea why ?

if i did this command but without searching from a certain date , it worked.

Brandon Shell [MVP]

unread,
Dec 5, 2007, 8:17:05 AM12/5/07
to
Think of it like math... expressions being compared should be wrapped in ()
(not sure if its required, but its definitely clearer)

get-eventlog -logname application| where-object {($_.timegenerated -gt
"01/12/2007") -and ($_.message -match "Enrollment will not be performed")}

"don5" <do...@discussions.microsoft.com> wrote in message
news:70D51161-EA29-4F9B...@microsoft.com...

Shay Levi

unread,
Dec 5, 2007, 8:18:12 AM12/5/07
to
It should be -and. Any error description?
0 new messages