Get-EventLog is a Windows PowerShell command that allows you to view and manage event logs on a local or remote computer. It is used to retrieve events from the Windows event logs, including the System, Security, Application, and other custom event logs. This command can be used to troubleshoot and diagnose problems on a Windows system, as well as to monitor system performance.
Syntax of Get-EventLog
The syntax of the Get-EventLog command is as follows:
Get-EventLog [-LogName] <String> [-Newest <Int32>] [-Oldest <Int32>] [-After <DateTime>] [-Before <DateTime>] [-UserName <String[]>] [-InstanceId <Int32[]>] [-Source <String[]>] [-EntryType <String[]>] [-Index <Int32[]>] [-Message <String>] [-ComputerName <String[]>] [-Credential <PSCredential>] [-AsJob] [-ThrottleLimit <Int32>] [-InformationAction <ActionPreference>] [-InformationVariable <String>] [-WhatIf] [-Confirm] [<CommonParameters>]
Parameters of Get-EventLog
The Get-EventLog command has the following parameters:
| Parameter | Description |
|---|---|
| -LogName | Specifies the name of the event log. This parameter is required. |
| -Newest | Specifies the maximum number of events to retrieve. The default is all events. |
| -Oldest | Specifies the minimum number of events to retrieve. The default is all events. |
| -After | Specifies the start date and time for the events to retrieve. The default is all events. |
| -Before | Specifies the end date and time for the events to retrieve. The default is all events. |
| -UserName | Specifies the user name for the events to retrieve. The default is all events. |
| -InstanceId | Specifies the instance ID for the events to retrieve. The default is all events. |
| -Source | Specifies the source for the events to retrieve. The default is all events. |
| -EntryType | Specifies the entry type for the events to retrieve. The default is all events. |
| -Index | Specifies the index for the events to retrieve. The default is all events. |
| -Message | Specifies the message for the events to retrieve. The default is all events. |
| -ComputerName | Specifies the computer name for the events to retrieve. The default is the local computer. |
| -Credential | Specifies the credentials to use when connecting to the remote computer. The default is the current user. |
| -AsJob | Runs the command as a background job. The default is not to run as a job. |
| -ThrottleLimit | Specifies the maximum number of concurrent operations that can be established to run the command. The default is 32. |
| -InformationAction | Specifies how the command should process the information that is returned. The default is Continue. |
| -InformationVariable | Specifies the variable in which the command should store the information that is returned. The default is none. |
| -WhatIf | Shows what would happen if the command is run without actually running the command. |
| -Confirm | Prompts the user for confirmation before running the command. |
Inputs of Get-EventLog
The Get-EventLog command has the following inputs:
- LogName: Specifies the name of the event log.
- Newest: Specifies the maximum number of events to retrieve.
- Oldest: Specifies the minimum number of events to retrieve.
- After: Specifies the start date and time for the events to retrieve.
- Before: Specifies the end date and time for the events to retrieve.
- UserName: Specifies the user name for the events to retrieve.
- InstanceId: Specifies the instance ID for the events to retrieve.
- Source: Specifies the source for the events to retrieve.
- EntryType: Specifies the entry type for the events to retrieve.
- Index: Specifies the index for the events to retrieve.
- Message: Specifies the message for the events to retrieve.
- ComputerName: Specifies the computer name for the events to retrieve.
- Credential: Specifies the credentials to use when connecting to the remote computer.
- AsJob: Runs the command as a background job.
- ThrottleLimit: Specifies the maximum number of concurrent operations that can be established to run the command.
- InformationAction: Specifies how the command should process the information that is returned.
- InformationVariable: Specifies the variable in which the command should store the information that is returned.
- WhatIf: Shows what would happen if the command is run without actually running the command.
- Confirm: Prompts the user for confirmation before running the command.
Outputs of Get-EventLog
The Get-EventLog command has the following outputs:
- System.Diagnostics.EventLogEntry
- System.Diagnostics.EventLogEntryCollection