Advertisement
Hey Spiceheads!<\/p>\n
Simple one I’m sure from a PowerShell noob! I have this powershell script:<\/p>\n
Get-EventLog -log security | Where-Object {$_.EventID -eq 4740} | fl<\/p>\n
Which works fine. However, if I add “-newest 5” to show the last 5 events, he no work ![\":frowning:\"](\"https://emoji.discourse-cdn.com/twitter/frowning.png?v=12\" "\\":frowning:\\"")
!
\nGet-EventLog -log security -Newest 5 | Where-Object {$_.EventID -eq 4740} | fl<\/p>\n
Can someone direct me on how I would go about showing the last few event id’s 4740 ?<\/p>\n
Dave<\/p>","upvoteCount":7,"answerCount":2,"datePublished":"2017-02-07T14:08:19.000Z","author":{"@type":"Person","name":"DaveM1980","url":"https://community.spiceworks.com/u/DaveM1980"},"acceptedAnswer":{"@type":"Answer","text":"
Get-WinEvent -MaxEvents 5 -FilterHashtable @{\n 'LogName' = 'Security'\n 'Id' = 4740\n}\n<\/code><\/pre>\nI like to use Get-WinEvent instead of Get-EventLog.<\/p>\n
The reason what you posted doesn’t work is that you are getting the last 5 of ANY event in the security log and then filtering those five to just 4740. The last 5 might contain less than 5 or even 0 4740 events. So you have to do the filtering for 4740 with get-winevent or get-eventlog.<\/p>\n
Get-EventLog equiv:<\/p>\n
Get-EventLog -LogName Security -InstanceId 4740 -Newest 5 \n<\/code><\/pre>","upvoteCount":3,"datePublished":"2017-02-07T14:11:49.000Z","url":"https://community.spiceworks.com/t/powershell-event-log/558261/2","author":{"@type":"Person","name":"craigduff","url":"https://community.spiceworks.com/u/craigduff"}},"suggestedAnswer":[{"@type":"Answer","text":"Hey Spiceheads!<\/p>\n
Simple one I’m sure from a PowerShell noob! I have this powershell script:<\/p>\n
Get-EventLog -log security | Where-Object {$_.EventID -eq 4740} | fl<\/p>\n
Which works fine. However, if I add “-newest 5” to show the last 5 events, he no work !
\nGet-EventLog -log security -Newest 5 | Where-Object {$_.EventID -eq 4740} | fl<\/p>\n
Can someone direct me on how I would go about showing the last few event id’s 4740 ?<\/p>\n
Dave<\/p>","upvoteCount":7,"datePublished":"2017-02-07T14:08:19.000Z","url":"https://community.spiceworks.com/t/powershell-event-log/558261/1","author":{"@type":"Person","name":"DaveM1980","url":"https://community.spiceworks.com/u/DaveM1980"}}]}}
