powershell Get-EventLog -Log "Application"

Get-Eventlog application

or check the following

https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.management/get-eventlog


all the best

Hi,

You can use Get-EventLog -Log "Application"  | where {$_.eventID -eq 902} for explicit and simple queries , but you cant use  Hash table to filter out the results , for that you need to use Get-WinEvent cmdlet its bit flexible and powerful
For example you can use the below cmdlet to get the same output
Get-WinEvent  -FilterHashtable  @{ logname = 'application'  ; id=902 }  -MaxEvents 20
for more details,
https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.diagnostics/get-winevent?f=255&MSPPError=-2147217396

Thanks,
Dinesh

thanks , but how can I follow the log , like in linux we can do a "tail -f" to follow the output of  a log

for example :
# tail -f -s 5 /var/log/secure
Mar 20 12:43:27 sa su: pam_unix(su:session): session opened for user rabbitmq by (uid=0)
Mar 20 12:43:27 sa su: pam_unix(su:session): session closed for user rabbitmq
Mar 20 12:43:27 sa su: pam_unix(su:session): session opened for user rabbitmq by (uid=0)
Mar 20 12:43:28 sa su: pam_unix(su:session): session closed for user rabbitmq
Mar 20 12:43:28 sa su: pam_unix(su:session): session opened for user rabbitmq by (uid=0)

thanks