It is a very powerful
and flexible cmdlet that can be used to parse event logs without complex scripting. If you have created a
custom event log source, this cmdlet can parse its events. Do you need to look for a particular word inside an
event? This script will find it. Do you want all the logs from a particular day conveniently exported to a
CSV file for further analysis? This is your cmdlet.
The following is a list of parameters available for this cmdlet:
logName: This is a required parameter. It indicates which log file the cmdlet is to run against.
list: Shows all of the event logs on the system, their current size, retention setting, their overflow action, and the number of entries in each log.
asString: Creates the output as a string as opposed to a series of objects.
newest: Tells the cmdlet to retrieve a specified number of events.
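The keyword search and one-day CSV export described above, written out as an added example that is not from the original text. The search term, the chosen day and the output path are assumed values, and the day filter uses the TimeGenerated property of each entry.

```powershell
# Added example (not from the original text). Get-EventLog is a Windows PowerShell cmdlet.
$logName = 'Application'
$keyword = 'MSExchange'                                  # assumed search term
$day     = (Get-Date).Date.AddDays(-1)                   # assumed day: yesterday, midnight
$csvPath = Join-Path $env:TEMP 'Application-events.csv'  # assumed output path

# Overview of every log on the system: size, retention, overflow action, entry count.
Get-EventLog -List

# Look for a particular word inside the newest 500 events of the log.
$hits = Get-EventLog -LogName $logName -Newest 500 |
    Where-Object { $_.Message -like "*$keyword*" }

$hits | Sort-Object TimeGenerated |
    Format-Table Index, TimeGenerated, EntryType, Source, EventID -AutoSize

# Collect every entry written on the chosen day and export it for analysis.
Get-EventLog -LogName $logName |
    Where-Object { $_.TimeGenerated -ge $day -and $_.TimeGenerated -lt $day.AddDays(1) } |
    Select-Object Index, TimeGenerated, EntryType, Source, EventID, Message |
    Export-Csv -Path $csvPath -NoTypeInformation

# Quick triage of the export: which sources logged the most entries, by severity.
Import-Csv -Path $csvPath |
    Group-Object Source, EntryType |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10
```

The Index column in the table output is the value to filter on when a single event needs to be expanded with | fl.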
Figure 14-15 shows the output of Get-EventLog -Newest 10. It is running against the Application log.
Figure 14-15
Chapter 14: Troubleshooting Exchange Issues
Let's take one event and explore all of the fields that are available for manipulation. To do this, you
select one event by setting the Index value equal to 4405 and then use | fl to expand the output. The
command looks as follows:
Get-EventLog -LogName Application | where {$_.