Get-eventlogs

bennett-lx · 2021-03-29T14:37:57.000Z

Can anyone explain to me why this command doesn’t work

But running with an -instanceid 10016 does?

Obviously records for both event id’s exist in event viewer

For 6005 it says there are no matches.

Sorry for the formatting. Phone won’t let me put text after the code block

get-eventlog -logname system -Instanceid 6005

Neally · 2021-03-29T14:48:28.000Z

short of the ID does not exist, not sure, i mean you are saying it DOES exist, ya?

Does it list them if you pull ALL event and then use a ‘where-object’ to filter it?

does ‘get-winevent’ show it?

jitensh · 2021-03-29T14:54:27.000Z

Get-WinEvent -FilterHash @{LogName='system';ID=6005}

^ works

bennett-lx · 2021-03-29T15:06:51.000Z

That did work perfectly thank you.

but it still begs the question why my command does not. I mean I don’t understand why it would search 10016 and not 6005?

jitensh · 2021-03-29T15:30:44.000Z

Get-EventLog uses a Win32 API that is deprecated. The results may not be accurate missed or truncuated. Use the Get-WinEvent cmdlet instead.

get-event log shows Systeml logs – shows events that are related to the system. Restart of system, restart of services, system files, stuff like that

Evotec – 20 Feb 19

PowerShell - Everything you wanted to know about Event Logs and then some -...

If you feel this title is very familiar to you it's because I actually have stolen the title from Kevin Marquette. I'm in awe of his posts that take you thru topic from beginning till the end. No splitting, no hiding anything, everything on...

Est. reading time: 45 minutes