Event log dates

You can use Get-EventLog to query the event logs on you system

Get-EventLog -LogName System

One frequent task is to check if events occurred during a specific timespan. You may feel that you need to use a where-object filter to do this but there is a simple method.

Get-EventLog -LogName System -After (Get-Date -Date ‘1/1/2015’)

Will return all events after the given date. if you don’t give a time your results start at midnight.

Get-EventLog -LogName System –Before (Get-Date -Date ’10/1/2015′)

Will return all events before 10 January 2015.

You ususally use –Before in conjunction with –After to specify a data range

Get-EventLog -LogName System -After (Get-Date -Date ‘1/1/2015′) -Before (Get-Date -Date ’10/1/2015’)

You can make these ranges quite specific

Get-EventLog -LogName System -After (Get-Date -Date ’10/1/2015 14:31:00′) -Before (Get-Date -Date ’10/1/2015 15:00:00′)

This entry was posted in Powershell Basics. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s