• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Re: get-eventlog search string problem

  • Thread starter Brandon Shell [MVP]
  • Start date
B

Brandon Shell [MVP]

#1
I would use -match instead of -like

For remote Eventlog you should use WMI or .NET

WMI: Get-WmiObject Win32_NTEventlogFile -computer $computer
or
..NET: [System.Diagnostics.EventLog]::GetEventLogs($computer)

I have examples of both here
http://bsonposh.com/modules/wordpress/?p=41

Brandon Shell
---------------
Blog: http://www.bsonposh.com/
PSH Scripts Project: www.codeplex.com/psobject

f> Hi,
f>
f> I am looking for "Lun" information from the eventlog and am wondering
f> why one method works and a couple others doesn't. Must be syntax.
f> The one that works is:
f>
f> get-eventlog -logname system|?{$_.timegenerated -gt "12/3/2007"|
f> findstr "Lun"
f>
f> The one that doesn't work is:
f>
f> get-eventlog -logname system|?{$_ -like "*Lun*"}
f> and
f> get-eventlog -logname system |?{$_.timegenerated -gt "12/3/2007"} |
f> select-string -pattern "Lun"
f> Also, how would I do this to a remote box?
f>
f> Thanks in advance,
f>
 
K

Keith Hill [MVP]

#2
"Brandon Shell [MVP]" <a_bshell.mask@xxxxxx> wrote in message
news:29d4f6462ab78ca03df5fde974a@xxxxxx

> I would use -match instead of -like
Excellent advice. I use -match far more than -like. The pattern matching
rules for -like don't align with my regex thinking. :-)

--
Keith