GCPSlanops

asked on

PowerShell Get-WinEvent FilterHashTable for a computername

OK, I am trying to find an account name in the message box over the last 30 days.
Our security logs go back so long and have so many log on and log off events that piping it out to a where statement is unbelievably slow.
The only solution is to filter it right in the hash table, but I can't make it work.
Here is what I have:

Get-WinEvent -ComputerName MS01ADC  -FilterHashTable @{Logname='Security';Starttime=$([datetime]::Today.AddDays(-30))}  



Let's say I want an Account Name in the message box to match WS42south. How can I do that without resorting to what I have below, since it takes an hour or more? There must be a way to do it without a pipe.

Thanks

Get-WinEvent -ComputerName MS01ADC  -FilterHashTable @{Logname='Security';Starttime=$([datetime]::Today.AddDays(-30))}   |? {$_.message -match "WS42south "}
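
One way to push the account-name match into the event log query itself, using Get-WinEvent's -FilterXPath parameter instead of a Where-Object pipe. This is an added example, not part of the original question or the member-only answer; the function name New-AccountXPath and the choice of the TargetUserName/SubjectUserName fields are assumptions.

```powershell
# Added example: build an XPath filter so the remote event log service does the
# matching and only the matching events cross the network.
# Assumption: the "Account Name" shown in the message is stored in the
# TargetUserName or SubjectUserName EventData field (as in Security logon events).
function New-AccountXPath {
    param(
        [Parameter(Mandatory)][string]$Account,
        [int]$Days = 30,
        [string[]]$Fields = @('TargetUserName', 'SubjectUserName')
    )

    # The event log XPath dialect has no way to escape quotes inside a literal,
    # so refuse values that contain them instead of building a broken query.
    if ($Account -match "['""]") {
        throw "Account name must not contain quote characters."
    }

    # timediff(@SystemTime) is the event's age in milliseconds.
    $ms = [int64]$Days * 24 * 60 * 60 * 1000

    # One exact-match test per field, OR-ed together.
    $tests = ($Fields | ForEach-Object { "Data[@Name='$_']='$Account'" }) -join ' or '

    "*[System[TimeCreated[timediff(@SystemTime) <= $ms]]] and *[EventData[$tests]]"
}

$xpath = New-AccountXPath -Account 'WS42south' -Days 30

Get-WinEvent -ComputerName MS01ADC -LogName Security -FilterXPath $xpath |
    Select-Object TimeCreated, Id, MachineName
```

The XPath comparison is an exact match on the field value, not a substring search like `-match` on the message text, so a computer account has to be given with its trailing `$` (for example `WS42south$`).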


ASKER CERTIFIED SOLUTION
footech
This solution is only available to members.

GCPSlanops

ASKER

Perfect thank you