Index -eq "4405"} | fl
The results of the cmdlet are displayed in Figure 14-16.
Figure 14-16
The following fields can be queried by the cmdlet:
Index
Message
ReplacementStrings
TimeWritten
EntryType
Category
Source
EventID
CategoryNumber
TimeGenerated
Part III: Working with PowerShell in a Production Environment
If you had an application hang but could not find it because you forgot the event ID, you could query
the Application log and retrieve every event that has "Hanging" in its message. You
may be tempted to use the Contains operator, but it requires you to match the exact message;
Contains is similar to Equals. If you do not have the exact message you are searching for, place
wildcards in front of and behind the keywords you are searching for. The following query performs this
action, and you can see Internet Explorer hang in the results of Figure 14-17:
Get-EventLog -LogName Application | Where {$_.Message -like "*Hanging*"} | fl
Figure 14-17
To retrieve all errors from the system log for a particular day, the cmdlet used in Figure 14-17 can be
modified to use TimeGenerated and EntryType to specify the new search parameters. The LogName
value has also been switched from Application to System.
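The sketch below is an added example, not code from the book. It runs the Contains-versus-wildcard comparison and a one-day error filter over constructed records, so it works offline. The New-SampleEvent helper and all sample values are hypothetical; on a live system, replace $events with the output of Get-EventLog -LogName System.

```powershell
# Constructed records using the Get-EventLog field names listed earlier.
# Every value here is made up for illustration.
function New-SampleEvent($Type, $Source, $When, $Message) {
    [pscustomobject]@{
        EntryType     = $Type
        Source        = $Source
        TimeGenerated = [datetime]$When
        Message       = $Message
    }
}

$events = @(
    New-SampleEvent 'Error' 'Application Hang' '2008-03-14 09:12:00' 'Hanging application iexplore.exe, version 7.0.'
    New-SampleEvent 'Error' 'Disk' '2008-03-14 17:40:00' 'The device has a bad block.'
    New-SampleEvent 'Information' 'Service Control' '2008-03-14 18:01:00' 'The service entered the running state.'
    New-SampleEvent 'Error' 'Disk' '2008-03-15 02:30:00' 'The device has a bad block.'
)

# -contains compares whole values, so a keyword alone never equals a full message.
$exact = @($events | Where-Object { $_.Message -contains 'Hanging' })

# -like with a wildcard on both sides finds the keyword anywhere in the message.
$keyword = @($events | Where-Object { $_.Message -like '*Hanging*' })

# Errors for one day: TimeGenerated from midnight up to, but not including, the next midnight.
$day = [datetime]'2008-03-14'
$errorsThatDay = @($events | Where-Object {
    $_.EntryType -eq 'Error' -and
    $_.TimeGenerated -ge $day -and
    $_.TimeGenerated -lt $day.AddDays(1)
})

# Summarize the three result sets, then list the day's errors in detail.
"contains: {0}  like: {1}  errors on {2:yyyy-MM-dd}: {3}" -f $exact.Count, $keyword.Count, $day, $errorsThatDay.Count
$errorsThatDay | Format-List Source, TimeGenerated, Message
```

Bounding TimeGenerated with a half-open range avoids missing events late in the day, which an equality test against a single date value would do.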