
MaxEvents in filter

Posted on 2012-08-15
Last Modified: 2012-08-15
I need to be able to get the most recent event of a specific ID.  For example, if I want to get Event 805:

Get-WinEvent -LogName Microsoft-Windows-PrintService/Operational -ComputerName $PrintServer -MaxEvents 1|
     Where-Object{$_.id -eq 805}|


The problem with this is that it gets the last 1 event in the PrintService/Operational log, and if it doesn't happen to be ID 805 then it returns nothing. How do I specify that I want only the most recent event of that specific ID?
Question by:bigbigpig
Accepted Solution

by:Akulsh
ID: 38298811
You are asking for the most recent event before specifying the "Where" condition.

You should filter using Hashtable where you specify both logName and event ID, like this, in advance:

Get-WinEvent -FilterHashtable @{logname='Microsoft-Windows-PrintService/Operational'; id=805}  -ComputerName $PrintServer -MaxEvents 1

Ajay

Author Comment

by:bigbigpig
ID: 38298829
When I use a hashtable I can't pull values from it, can I? Here's the rest of the script; I need to be able to pull the values from the XML event data and write it to CSV. Everything works fine, except for getting the most recent 1 event.

Get-WinEvent -LogName Microsoft-Windows-PrintService/Operational -ComputerName $PrintServer -MaxEvents 2 |
    Where-Object { $_.Id -eq 805 } |
    ForEach-Object {
        $strOutput = $PrintServer + "," + $_.TimeCreated + "," + $($_.Properties[3].Value) + "," + $($_.Properties[7].Value) + "," + $_.UserId
        Write-Output $strOutput | Out-File $csvfile805 -Append
    }


Expert Comment

by:Akulsh
ID: 38298875
You should be able to pipe its output.

When you run the command from my last posting by itself, do you get correct output on the screen? If so, just replace the first 2 lines of your script with it, but do keep the last pipe '|'.

In other words, put my command before
| foreach-object {
etc. etc.

Author Comment

by:bigbigpig
ID: 38298914
Absolutely right, I forgot the dang pipe before so the ForEach-Object was returning a null error.  Works great - thank you!
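
The approach from the accepted solution, combined with the CSV step from the author's script, as an added example that is not part of the original thread. The function name `Get-LatestPrintEvent`, the record field names and the sample values for `$PrintServer` and `$csvfile805` are assumptions; it assumes PowerShell 3.0 or later for `Export-Csv -Append`.

```powershell
# Hypothetical helper (not from the thread): newest event of one ID as a flat record.
function Get-LatestPrintEvent {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$EventId = 805,
        [string]$LogName = 'Microsoft-Windows-PrintService/Operational'
    )

    # The ID filter is applied by the event log query itself, so -MaxEvents 1
    # means "newest event that matches", not "newest event in the log".
    $query = @{
        FilterHashtable = @{ LogName = $LogName; Id = $EventId }
        ComputerName    = $ComputerName
        MaxEvents       = 1
        ErrorAction     = 'Stop'
    }

    try {
        $evt = Get-WinEvent @query
    }
    catch {
        # Get-WinEvent reports an error when no event matches the filter.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return $null }
        throw   # unreachable host, access denied, unknown log name, ...
    }

    # The thread's script reads Properties[3] and Properties[7]; check they exist.
    if ($evt.Properties.Count -lt 8) {
        throw "Event $EventId on $ComputerName has only $($evt.Properties.Count) properties"
    }

    [pscustomobject]@{
        Server      = $ComputerName
        TimeCreated = $evt.TimeCreated
        Property3   = $evt.Properties[3].Value
        Property7   = $evt.Properties[7].Value
        UserId      = $evt.UserId
    }
}

# Constructed sample values; the thread's script sets these elsewhere.
$PrintServer = $env:COMPUTERNAME
$csvfile805  = Join-Path $env:TEMP 'event805.csv'

$record = Get-LatestPrintEvent -ComputerName $PrintServer
if ($record) { $record | Export-Csv -Path $csvfile805 -Append -NoTypeInformation }
else         { Write-Warning "No event 805 found on $PrintServer" }
```

Because the filter runs on the queried machine, only the single matching event crosses the network, whereas `Where-Object` filters after the events have already been retrieved.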