display events by log
Hello,
I search to display events by logs :
TimeStamp UserName ShutdownType Reason
--------- -------- ------------ ------
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
How is it possible to display the column for three logs like below:
TimeStamp UserName ShutdownType Reason
--------- -------- ------------ ------
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
TimeStamp UserName ShutdownType Reason
--------- -------- ------------ ------
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
TimeStamp UserName ShutdownType Reason
--------- -------- ------------ ------
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
Thank you
Regards
I search to display events by logs :
$Days = 3
$LogPath = "C:\TEMP\Log"
$Log = Get-ChildItem -path $LogPath -recurse -include dly*.log
$ListError = 'ERR1014','ERR1016','ERR1012','ERR1011','ERR1013'
$Errorz = Get-Content -Path $Log |
Where-Object { $_ -match 'ERR1013' -and [datetime]::ParseExact((($_ -split ' ')[0] + " " + ($_ -split ' ')[1]), $Format, $null) -gt $Time }
foreach ($lg in $log) {
$EventList = Get-WinEvent -FilterHashtable @{
Logname = 'system'
Id = '1074'
StartTime = (Get-Date).AddDays(- $Days)
} -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
foreach ($Event in $EventList) {
if ($Event.Id -eq 1074) {
[PSCustomObject]@{
TimeStamp = $Event.TimeCreated
UserName = $Event.Properties.value[6]
ShutdownType = $Event.Properties.value[4]
Reason = $Event.Properties.value[2]
}
}
}
}
TimeStamp UserName ShutdownType Reason
--------- -------- ------------ ------
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
How is it possible to display the column for three logs like below:
TimeStamp UserName ShutdownType Reason
--------- -------- ------------ ------
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
TimeStamp UserName ShutdownType Reason
--------- -------- ------------ ------
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
TimeStamp UserName ShutdownType Reason
--------- -------- ------------ ------
12/05/2021 13:56:56 NT AUTHORITY\SYSTEM restart Operating System (Planned)
Thank you
Regards
ASKER
Possible to have only one column header and not for each object.
Thank you
Thank you
You can try to just move the added text down one closing bracket
ASKER
Already try same result thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
something like this should work however I didn't have time to build a test file to test the entire script.
Open in new window