Query Windows Events with PowerShell
# Basic queries against the classic event logs with Get-EventLog.
# Get-EventLog is a Windows PowerShell cmdlet; it is not available in PowerShell 6 and later.
# Every Where-Object filter below runs after the whole log has been read, so it is slow on large logs.

# All entries of the Application log
Get-EventLog -LogName Application
# Same output, paged through "more"
Get-EventLog -LogName Application | more
# Same output, paged by the host itself
Get-EventLog -LogName Application | Out-Host -Paging
# Application log: entries whose type contains "Error"
Get-EventLog -LogName Application | Where-Object { $_.EntryType -like "*Error*" }
# System log: entries whose type contains "Warning"
Get-EventLog -LogName System | Where-Object { $_.EntryType -like "*Warning*" }
# Time service messages; "systemzeit" is the German message text, so this match depends on the display language
Get-EventLog -LogName System | Where-Object { $_.Message -like "*systemzeit*" } | Out-Host -Paging
# The same filter with Get-WinEvent
Get-WinEvent -LogName system | Where-Object { $_.Message -like "*systemzeit*" } | Out-Host -Paging
# System-log entries that mention Defender.
# Defender also logs to its own channel, "Microsoft-Windows-Windows Defender/Operational", which this query does not read.
Get-EventLog -LogName System | Where-Object { $_.Message -like "*Defender*" }
# Defender antivirus definition ("Intelligence") updates
Get-EventLog -LogName System | Where-Object { $_.Message -like "*Intelligence*" }
# Windows Update messages
Get-EventLog -LogName System | Where-Object { $_.Message -like "*Windows Update*" } | more
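# Warnings and errors from the System log for the last 7 days.
# The pipe is left at the end of the line so the statement continues; with "where"
# alone at the end of a line, PowerShell ends the command there and the script block
# on the next line is never used as the filter.
Get-EventLog -LogName System -After (Get-Date).AddDays(-7) |
  Where-Object { ($_.EntryType -match "Warning") -or ($_.EntryType -match "Error") }
# Alternative, shown for the Application log: let the cmdlet filter by entry type
# instead of piping every entry through Where-Object.
Get-EventLog -LogName Application -EntryType "Warning", "Error"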
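# Queries with Get-WinEvent.
# LevelDisplayName is localized: "Warnung" and "Fehler" are the German labels for
# warning and error, so these two filters only match on a German system.
Get-WinEvent -LogName System | Where-Object LevelDisplayName -like "Warnung"
# or
Get-WinEvent -LogName System | Where-Object LevelDisplayName -like "Fehler"
# Faster and language independent: -FilterHashtable filters by numeric level when the
# log is read. Level 2 = Error, Level 3 = Warning.
# Get-WinEvent reports an error when no event matches the filter.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2, 3 }
# Disk warnings and errors
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'disk'; Level = 2, 3 } | Out-Host -Paging
# Application log warnings and errors
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2, 3 } | Out-Host -Paging
# Application log warnings and errors from one provider.
# The hashtable is kept on one statement: a line break directly after
# -FilterHashtable would end the command before its argument.
Get-WinEvent -FilterHashtable @{
  LogName      = 'Application'
  ProviderName = 'Microsoft-Windows-WMI'
  Level        = 2, 3
} | Out-Host -Paging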