Write-Verbose

NAME
    Write-Verbose

SYNOPSIS
    Writes text to the verbose message stream.

SYNTAX
    Write-Verbose [-Message] <string> [<CommonParameters>]

DESCRIPTION
    The Write-Verbose cmdlet writes text to the verbose message stream in Windows PowerShell. Typically, the verbose message stream is used to deliver information about command processing that is used for debugging a command.

    By default, the verbose message stream is not displayed, but you can display it by changing the value of the $VerbosePreference variable or using the Verbose common parameter in any command.

PARAMETERS
    -Message <string>
        Specifies the message to display. This parameter is required. You can also pipe a message string to Write-Verbose.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters”.

INPUTS
    System.String
        You can pipe a string that contains the message to Write-Verbose.

OUTPUTS
    None
        Write-Verbose writes only to the verbose message stream.

NOTES

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Write-Verbose -Message "Searching the Application Event Log."

    C:\PS> Write-Verbose -Message "Searching the Application Event Log." -Verbose

    Description
    -----------
    These commands use the Write-Verbose cmdlet to display a status message. By default, the message is not displayed.

    The second command uses the Verbose common parameter, which displays any verbose messages, regardless of the value of the $VerbosePreference variable.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>$VerbosePreference = "Continue"

    C:\PS> Write-Verbose "Copying file $filename"

    Description
    -----------
    These commands use the Write-Verbose cmdlet to display a status message. By default, the message is not displayed.

    The first command assigns a value of “Continue” to the $VerbosePreference preference variable. The default value, “SilentlyContinue”, suppresses verbose messages.

    The second command writes a verbose message.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113429
    Write-Error
    Write-Warning
    about_preference_variables

Write-Warning

NAME
    Write-Warning

SYNOPSIS
    Writes a warning message.

SYNTAX
    Write-Warning [-Message] <string> [<CommonParameters>]

DESCRIPTION
    The Write-Warning cmdlet writes a warning message to the Windows PowerShell host. The response to the warning depends on the value of the user’s $WarningPreference variable and the use of the WarningAction common parameter.

PARAMETERS
    -Message <string>
        Specifies the warning message.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters”.

INPUTS
    System.String
        You can pipe a string that contains the warning to Write-Warning.

OUTPUTS
    None
        Write-Warning writes only to the warning stream. It does not generate any other output.

NOTES

        The default value for the $WarningPreference variable is “Continue”, which displays the warning and then continues executing the command. To determine valid values for a preference variable such as $WarningPreference, set it to a string of random characters, such as “abc”. The resulting error message will list the valid values.

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Write-Warning "This is only a test warning."

    Description
    -----------
    This command displays the message “WARNING: This is only a test warning.”

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>$w = "This is only a test warning."

    C:\PS> $w | Write-Warning

    Description
    -----------
    This example shows that you can use a pipeline operator (|) to send a string to Write-Warning. You can save the string in a variable, as shown in this command, or pipe the string directly to Write-Warning.

    -------------------------- EXAMPLE 3 --------------------------

    C:\PS>$warningpreference

    Continue

    C:\PS> Write-Warning "This is only a test warning."
    WARNING: This is only a test warning.

    C:\PS> $warningpreference = "SilentlyContinue"

    C:\PS> Write-Warning "This is only a test warning."
    C:\PS>

    C:\PS> $warningpreference = "Stop"

    C:\PS> Write-Warning "This is only a test warning."
    WARNING: This is only a test warning.
    Write-Warning : Command execution stopped because the shell variable "WarningPreference" is set to Stop.
    At line:1 char:14
    + Write-Warning <<<< "This is only a test warning."

    Description
    -----------
    This example shows the effect of the value of the $WarningPreference variable on a Write-Warning command.

    The first command displays the default value of the $WarningPreference variable, which is “Continue”. As a result, when you write a warning, the warning message is displayed and execution continues.

    When you change the value of the $WarningPreference variable, the effect of the Write-Warning command changes again. A value of “SilentlyContinue” suppresses the warning. A value of “Stop” displays the warning and then stops execution of the command.

    For more information about the $WarningPreference variable, see about_preference_variables.

    -------------------------- EXAMPLE 4 --------------------------

    C:\PS>Write-Warning "This is only a test warning." -WarningAction Inquire

    WARNING: This is only a test warning.

    Confirm
    Continue with this operation?
    [Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"):

    Description
    -----------
    This example shows the effect of the WarningAction common parameter on a Write-Warning command. You can use the WarningAction common parameter with any cmdlet to determine how Windows PowerShell responds to warnings resulting from that command. The WarningAction common parameter overrides the value of the $WarningPreference only for that particular command.

    This command uses the Write-Warning cmdlet to display a warning. The WarningAction common parameter with a value of “Inquire” directs the system to prompt the user when the command displays a warning.

    For more information about the WarningAction common parameter, see about_CommonParameters.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113430
    about_preference_variables
    about_CommonParameters
    Write-Debug
    Write-Error
    Write-Host
    Write-Output
    Write-Progress
    Write-Verbose

Write-Debug

NAME
    Write-Debug

SYNOPSIS
    Writes a debug message to the console.

SYNTAX
    Write-Debug [-Message] <string> [<CommonParameters>]

DESCRIPTION
    The Write-Debug cmdlet writes debug messages to the console from a script or command.

    By default, debug messages are not displayed in the console, but you can display them by using the Debug parameter or the $DebugPreference variable.

PARAMETERS
    -Message <string>
        Specifies the debug message to send to the console.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters”.

INPUTS
    System.String
        You can pipe a string that contains a debug message to Write-Debug.

OUTPUTS
    None
        Write-Debug writes only to the debug stream. It does not return any output.

NOTES

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Write-Debug "Cannot open file."

    Description
    -----------
    This command writes a debug message. Because the value of $DebugPreference is “SilentlyContinue”, the message is not displayed in the console.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>$DebugPreference

    SilentlyContinue

    C:\PS> Write-Debug "Cannot open file."
    C:\PS>

    C:\PS> Write-Debug "Cannot open file." -Debug
    DEBUG: Cannot open file.

    Description
    -----------
    This example shows how to use the Debug common parameter to override the value of the $DebugPreference variable for a particular command.

    The first command displays the value of the $DebugPreference variable, which is “SilentlyContinue”, the default.

    The second command writes a debug message but, because of the value of $DebugPreference, the message does not appear.

    The third command writes a debug message. It uses the Debug common parameter to override the value of $DebugPreference and to display the debug messages resulting from this command.

    As a result, even though the value of $DebugPreference is “SilentlyContinue”, the debug message appears.

    For more information about the Debug common parameter, see about_CommonParameters.

    -------------------------- EXAMPLE 3 --------------------------

    C:\PS>$DebugPreference

    SilentlyContinue

    C:\PS> Write-Debug "Cannot open file."
    C:\PS>

    C:\PS> $DebugPreference = "Continue"

    C:\PS> Write-Debug "Cannot open file."
    DEBUG: Cannot open file.

    Description
    -----------
    This command shows the effect of changing the value of the $DebugPreference variable on the display of debug messages.

    The first command displays the value of the $DebugPreference variable, which is “SilentlyContinue”, the default.

    The second command writes a debug message but, because of the value of $DebugPreference, the message does not appear.

    The third command assigns a value of “Continue” to the $DebugPreference variable.

    The fourth command writes a debug message, which appears on the console.

    For more information about $DebugPreference, see about_preference_variables.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113424
    Write-Verbose
    Write-Error
    Write-Host
    Write-Progress
    Write-Output
    Write-Warning

Write-Error

NAME
    Write-Error

SYNOPSIS
    Writes an object to the error stream.

SYNTAX
    Write-Error -ErrorRecord <ErrorRecord> [-CategoryActivity <string>] [-CategoryReason <string>] [-CategoryTargetName <string>] [-CategoryTargetType <string>] [-RecommendedAction <string>] [<CommonParameters>]

    Write-Error [-Message] <string> [-Category {NotSpecified | OpenError | CloseError | DeviceError | DeadlockDetected | InvalidArgument | InvalidData | InvalidOperation | InvalidResult | InvalidType | MetadataError | NotImplemented | NotInstalled | ObjectNotFound | OperationStopped | OperationTimeout | SyntaxError | ParserError | PermissionDenied | ResourceBusy | ResourceExists | ResourceUnavailable | ReadError | WriteError | FromStdErr | SecurityError}] [-ErrorId <string>] [-TargetObject <Object>] [-CategoryActivity <string>] [-CategoryReason <string>] [-CategoryTargetName <string>] [-CategoryTargetType <string>] [-RecommendedAction <string>] [<CommonParameters>]

    Write-Error -Exception <Exception> [-Category {NotSpecified | OpenError | CloseError | DeviceError | DeadlockDetected | InvalidArgument | InvalidData | InvalidOperation | InvalidResult | InvalidType | MetadataError | NotImplemented | NotInstalled | ObjectNotFound | OperationStopped | OperationTimeout | SyntaxError | ParserError | PermissionDenied | ResourceBusy | ResourceExists | ResourceUnavailable | ReadError | WriteError | FromStdErr | SecurityError}] [-ErrorId <string>] [-Message <string>] [-TargetObject <Object>] [-CategoryActivity <string>] [-CategoryReason <string>] [-CategoryTargetName <string>] [-CategoryTargetType <string>] [-RecommendedAction <string>] [<CommonParameters>]

DESCRIPTION
    The Write-Error cmdlet writes an error to the Windows PowerShell error stream. By default, errors are sent to the host program to be displayed, along with output.

    You can write an error by submitting an error message string, an ErrorRecord object, or an Exception object. Use the other parameters of Write-Error to populate the error record.

PARAMETERS
    -Category <ErrorCategory>
        Specifies the category of the error. The default value is NotSpecified.

        For information about the error categories, see “ErrorCategory Enumeration” in the MSDN (Microsoft Developer Network) library at http://go.microsoft.com/fwlink/?LinkId=143600.

        Required?                    false
        Position?                    named
        Default value                NotSpecified
        Accept pipeline input?     false
        Accept wildcard characters? false

    -CategoryActivity <string>
        Describes the action that caused the error.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -CategoryReason <string>
        Explains how or why the activity caused the error.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -CategoryTargetName <string>
        Specifies the name of the object that was being processed when the error occurred.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -CategoryTargetType <string>
        Specifies the .NET type of the object that was being processed when the error occurred.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -ErrorId <string>
        Specifies an ID string to identify the error. The string should be unique to the error.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -ErrorRecord <ErrorRecord>
        Specifies an error record object that includes properties that describe the error.

        To get an error record object, use the New-Object cmdlet or take an error record object from the array in the $Error automatic variable.

        Required?                    true
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Exception <Exception>
        Specifies an exception that represents the error.

        You can use an exception instead of specifying message text or an exception record.

        Required?                    true
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Message <string>
        Specifies the message text of the error. If the text includes spaces or special characters, enclose it in quotation marks. You can also pipe a message string to Write-Error.

        Required?                    true
        Position?                    1
        Default value                None
        Accept pipeline input?     true (ByValue)
        Accept wildcard characters? false

    -RecommendedAction <string>
        Describes the action that the user should take to resolve or prevent the error.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    -TargetObject <Object>
        Specifies the object that was being processed when the error occurred. Enter the object (such as a string), a variable that contains the object, or a command that gets the object.

        Required?                    false
        Position?                    named
        Default value                None
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters”.

INPUTS
    System.String
        You can pipe a string that contains an error message to Write-Error.

OUTPUTS
    Error object
        Write-Error writes only to the error stream. It does not return any objects.

NOTES

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Get-ChildItem | ForEach-Object { if ($_.gettype().tostring() -eq "Microsoft.Win32.RegistryKey") {Write-Error "Out-of-band object" -ErrorId B1 -TargetObject $_ } else {$_ } }

    Description
    -----------
    This command writes an error when the Get-ChildItem cmdlet returns a Microsoft.Win32.RegistryKey object, such as the objects in the HKLM: or HKCU drives of the Windows PowerShell Registry provider.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>Write-Error "Access denied."

    Description
    -----------
    This command writes an “Access denied” error. The command uses the Message parameter to specify the message, but omits the optional Message parameter name.

    -------------------------- EXAMPLE 3 --------------------------

    C:\PS>Write-Error -Message "Error: Too many input values." -Category InvalidArgument

    Description
    -----------
    This command writes an error and specifies an error category.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113425
    Write-Debug
    Write-Verbose
    Write-Output
    Write-Host
    Write-Progress
    Write-Warning
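
The following is an added example, not part of the help topics above. It shows how the verbose, warning, debug and error streams behave inside one advanced function, and how the fields set by Write-Error (Category, ErrorId, TargetObject) appear on the error record collected with the ErrorVariable common parameter. The function name Test-InputFile, the ErrorId FileMissing and the file paths are assumptions made for the illustration.

```powershell
# Added example, not from the help topics. Test-InputFile and the ErrorId
# 'FileMissing' are hypothetical names; the file paths are constructed.
function Test-InputFile {
    [CmdletBinding()]   # enables the common parameters (-Verbose, -ErrorVariable, ...)
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string] $Path
    )
    process {
        # Hidden unless -Verbose is used or $VerbosePreference is "Continue".
        Write-Verbose "Checking $Path"

        if (-not (Test-Path -LiteralPath $Path)) {
            # Non-terminating error: populate the record so callers can filter on it.
            Write-Error -Message "File not found: $Path" -Category ObjectNotFound `
                        -ErrorId FileMissing -TargetObject $Path
            return   # skip this item, keep processing the rest of the pipeline
        }

        $item = Get-Item -LiteralPath $Path
        if ($item.Length -eq 0) {
            # Displayed by default, because $WarningPreference defaults to "Continue".
            Write-Warning "Empty file: $Path"
        }

        # Hidden unless -Debug is used or $DebugPreference is "Continue".
        Write-Debug "Length = $($item.Length)"

        $item   # only this object reaches the output stream
    }
}

# Constructed inputs: one zero-length temporary file and one path that does not exist.
$empty   = [System.IO.Path]::GetTempFileName()
$missing = Join-Path $env:TEMP 'constructed-missing-file.txt'

# Errors are collected in $err instead of being displayed; verbose messages are shown.
$found = $empty, $missing |
    Test-InputFile -Verbose -ErrorAction SilentlyContinue -ErrorVariable err

"Objects on the output stream: $(@($found).Count)"
foreach ($e in $err) {
    # Each entry is an ErrorRecord carrying the values passed to Write-Error.
    "{0} | {1} | {2}" -f $e.CategoryInfo.Category, $e.FullyQualifiedErrorId, $e.TargetObject
}

Remove-Item -LiteralPath $empty
```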

Write-EventLog

NAME
    Write-EventLog

SYNOPSIS
    Writes an event to an event log.

SYNTAX
    Write-EventLog [-LogName] <string> [-Source] <string> [-EventId] <int> [-Message] <string> [[-EntryType] {Error | Warning | Information | SuccessAudit | FailureAudit}] [-Category <Int16>] [-ComputerName <string>] [-RawData <Byte[]>] [<CommonParameters>]

DESCRIPTION
    The Write-EventLog cmdlet writes an event to an event log.

    To write an event to an event log, the event log must exist on the computer and the source must be registered for the event log.

    The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

PARAMETERS
    -Category <Int16>
        Specifies a task category for the event. Enter an integer that is associated with the strings in the category message file for the event log.

        Required?                    false
        Position?                    named
        Default value                1
        Accept pipeline input?     false
        Accept wildcard characters? false

    -ComputerName <string>
        Specifies a remote computer. The default is the local computer.

        Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer.

        This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-EventLog even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -EntryType <EventLogEntryType>
        Specifies the entry type of the event. Valid values are Error, Warning, Information, SuccessAudit, and FailureAudit. The default value is Information.

        For a description of the values, see System.Diagnostics.EventLogEntryType in the MSDN (Microsoft Developer Network) library at http://go.microsoft.com/fwlink/?LinkId=143599.

        Required?                    false
        Position?                    4
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -EventId <int>
        Specifies the event identifier. This parameter is required.

        Required?                    true
        Position?                    3
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -LogName <string>
        Specifies the name of the log to which the event is written. Enter the log name (the value of the Log property, not the LogDisplayName). Wildcard characters are not permitted. This parameter is required.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Message <string>
        Specifies the event message. This parameter is required.

        Required?                    true
        Position?                    5
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -RawData <Byte[]>
        Specifies the binary data that is associated with the event, in bytes.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Source <string>
        Specifies the event source, which is typically the name of the application that is writing the event to the log.

        Required?                    true
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters”.

INPUTS
    None
        You cannot pipe input to this cmdlet.

OUTPUTS
    System.Diagnostics.EventLogEntry
        Write-EventLog returns objects that represent the events in the logs.

NOTES

        To use Write-EventLog on Windows Vista and later versions of Windows, start Windows PowerShell with the “Run as administrator” option.

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Write-EventLog -LogName Application -Source MyApp -EventId 3001 -EntryType Information -Message "MyApp added a user-requested feature to the display." -Category 1 -RawData 10,20

    Description
    -----------
    This command writes an event from the MyApp source to the Application event log.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>Write-EventLog -ComputerName Server01 -LogName Application -Source MyApp -EventId 3001 -Message "MyApp added a user-requested feature to the display."

    Description
    -----------
    This command writes an event from the MyApp source to the Application event log on the Server01 remote computer.

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=135281
    Clear-EventLog
    Get-EventLog
    Limit-EventLog
    New-EventLog
    Remove-EventLog
    Show-EventLog
    Write-EventLog
    Get-WinEvent
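
The following is an added example, not part of the help topic above. It handles the precondition stated in the DESCRIPTION (the source must be registered for the log) before calling Write-EventLog, then reads the entry back with Get-EventLog. It assumes an elevated Windows PowerShell session with the classic EventLog cmdlets; the function name Write-MyAppEvent and the ErrorId SourceLogMismatch are hypothetical, while the MyApp source and event ID 3001 are taken from the examples above.

```powershell
# Added example, not from the help topic. Run in Windows PowerShell started
# with "Run as administrator". Write-MyAppEvent is a hypothetical helper.
function Write-MyAppEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string] $Message,

        [ValidateSet('Error', 'Warning', 'Information', 'SuccessAudit', 'FailureAudit')]
        [string] $EntryType = 'Information',

        [int]    $EventId = 3001,
        [string] $LogName = 'Application',
        [string] $Source  = 'MyApp'
    )

    if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
        # Write-EventLog fails for an unregistered source, so register it first.
        Write-Verbose "Registering source '$Source' for log '$LogName'."
        New-EventLog -LogName $LogName -Source $Source -ErrorAction Stop
    }
    else {
        # A source belongs to exactly one log; refuse to write if it is bound elsewhere.
        $registeredLog = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
        if ($registeredLog -ne $LogName) {
            Write-Error -Message "Source '$Source' is registered for log '$registeredLog', not '$LogName'." `
                        -Category InvalidOperation -ErrorId SourceLogMismatch -TargetObject $Source
            return
        }
    }

    Write-EventLog -LogName $LogName -Source $Source -EventId $EventId `
                   -EntryType $EntryType -Message $Message -ErrorAction Stop

    # Read back the newest entry from this source so the caller can confirm the write.
    Get-EventLog -LogName $LogName -Source $Source -Newest 1
}

Write-MyAppEvent -Message 'MyApp added a user-requested feature to the display.' -Verbose |
    Format-List -Property Index, EntryType, Source, InstanceId, Message
```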

Get-EventLog

NAME
    Get-EventLog

SYNOPSIS
    Gets the events in an event log, or a list of the event logs, on the local or remote computers.

SYNTAX
    Get-EventLog [-AsString] [-ComputerName <string[]>] [-List] [<CommonParameters>]

    Get-EventLog [-LogName] <string> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject] [-Before <DateTime>] [-ComputerName <string[]>] [-EntryType <string[]>] [-Index <Int32[]>] [-Message <string>] [-Newest <int>] [-Source <string[]>] [-UserName <string[]>] [<CommonParameters>]

DESCRIPTION
    The Get-EventLog cmdlet gets events and event logs on the local and remote computers.

    Use the parameters of Get-EventLog to search for events by using their property values. Get-EventLog gets only the events that match all of the specified property values.

    The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

PARAMETERS
    -After <DateTime>
        Gets only the events that occur after the specified date and time. Enter a DateTime object, such as the one returned by the Get-Date cmdlet.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -AsBaseObject [<SwitchParameter>]
        Returns a standard System.Diagnostics.EventLogEntry object for each event. Without this parameter, Get-EventLog returns an extended PSObject object with additional EventLogName, Source, and InstanceId properties.

        To see the effect of this parameter, pipe the events to the Get-Member cmdlet and examine the TypeName value in the result.

        Required?                    false
        Position?                    named
        Default value                False
        Accept pipeline input?     false
        Accept wildcard characters? false

    -AsString [<SwitchParameter>]
        Returns the output as strings, instead of objects.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Before <DateTime>
        Gets only the events that occur before the specified date and time. Enter a DateTime object, such as the one returned by the Get-Date cmdlet.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -ComputerName <string[]>
        Specifies a remote computer. The default is the local computer.

        Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or “localhost”.

        This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-EventLog even if your computer is not configured to run remote commands.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -EntryType <string[]>
        Gets only events with the specified entry type. Valid values are Error, Information, FailureAudit, SuccessAudit, and Warning. The default is all events.

        Required?                    false
        Position?                    named
        Default value                All events
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Index <Int32[]>
        Gets only events with the specified index values.

        Required?                    false
        Position?                    named
        Default value                All events
        Accept pipeline input?     false
        Accept wildcard characters? false

    -InstanceId <Int64[]>
        Gets only events with the specified instance IDs.

        Required?                    false
        Position?                    2
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -List [<SwitchParameter>]
        Gets a list of event logs on the computer.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -LogName <string>
        Specifies the event log. Enter the log name (the value of the Log property; not the LogDisplayName) of one event log. Wildcard characters are not permitted. This parameter is required.

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Message <string>
        Gets events that have the specified string in their messages. You can use this property to search for messages that contain certain words or phrases. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? true

    -Newest <int>
        Specifies the maximum number of events retrieved. Get-EventLog gets the specified number of events, beginning with the newest event in the log.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? false

    -Source <string[]>
        Gets events that were written to the log by the specified sources. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? true

    -UserName <string[]>
        Gets only the events that are associated with the specified user names. Enter names or name patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted.

        Required?                    false
        Position?                    named
        Default value
        Accept pipeline input?     false
        Accept wildcard characters? true

    <CommonParameters>
        This cmdlet supports the common parameters: Verbose, Debug,
        ErrorAction, ErrorVariable, WarningAction, WarningVariable,
        OutBuffer and OutVariable. For more information, type,
        “Get-Help about_CommonParameters”.

INPUTS
    None.
        You cannot pipe input to this cmdlet.

OUTPUTS
    System.Diagnostics.EventLogEntry. System.Diagnostics.EventLog. System.String
        If the LogName parameter is specified, the output is a collection of EventLogEntry objects (System.Diagnostics.EventLogEntry).

        If only the List parameter is specified, the output is a collection of EventLog objects (System.Diagnostics.EventLog).

        If both the List and AsString parameters are specified, the output is a collection of Strings (System.String).

NOTES

    -------------------------- EXAMPLE 1 --------------------------

    C:\PS>Get-Eventlog -list

    Description
    -----------
    This command displays information about the event logs on the computer.

    -------------------------- EXAMPLE 2 --------------------------

    C:\PS>Get-Eventlog -Newest 5 -LogName application

    Description
    -----------
    This command displays the five most recent entries in the Application event log.

    ————————– EXAMPLE 3 ————————–

    C:\PS>$events = Get-Eventlog -LogName system -Newest 1000

    C:\PS> $events | Group-Object -property source -noelement | Sort-Object -property count -descending

    Count Name
    —– —-
     75 Service Control Manager
     12 Print
        6 UmrdpService
        2 DnsApi
        2 DCOM
        1 Dhcp
        1 TermDD
        1 volsnap

    Description
    ———–
    This example shows how to find all of the sources that are represented in the 1000 most recent entries in the System event log.

    The first command gets the 1,000 most recent entries from the System event log and stores them in the $events variable.

    The second command uses a pipeline operator (|) to send the events in $events to the Group-Object cmdlet, which groups the entries by the value of the Source property. The command uses a second pipeline operator to send the grouped events to the Sort-Object cmdlet, which sorts them in descending order, so the most frequently appearing source is listed first.

    Source is just one property of event log entries. To see all of the properties of an event log entry, pipe the events to the Get-Member cmdlet.

    ————————– EXAMPLE 4 ————————–

    C:\PS>Get-Eventlog -LogName System -EntryType Error

    Description
    ———–
    This command gets only error events from the System event log.

    ————————– EXAMPLE 5 ————————–

    C:\PS>Get-Eventlog -LogName System -InstanceId 3221235481 -Source "DCOM"

    Description
    ———–
    This command gets events from the System log that have an InstanceID of 3221235481 and a Source value of “DCOM.”

    ————————– EXAMPLE 6 ————————–

    C:\PS>Get-Eventlog -LogName "Windows PowerShell" -ComputerName localhost, Server01, Server02

    Description
    ———–
    This command gets the events from the “Windows PowerShell” event log on three computers, Server01, Server02, and the local computer, known as “localhost”.

    ————————– EXAMPLE 7 ————————–

    C:\PS>Get-Eventlog -LogName "Windows PowerShell" -Message "*failed*"

    Description
    ———–
    This command gets all the events in the Windows PowerShell event log that have a message value that includes the word “failed”.

    ————————– EXAMPLE 8 ————————–

    C:\PS>$a = Get-Eventlog -log System -Newest 1

    C:\PS> $a | Format-List -property *

    EventID            : 7036
    MachineName        : Server01
    Data               : {}
    Index              : 10238
    Category           : (0)
    CategoryNumber     : 0
    EntryType          : Information
    Message            : The description for Event ID
    Source             : Service Control Manager
    ReplacementStrings : {WinHTTP Web Proxy Auto-Disco
    InstanceId         : 1073748860
    TimeGenerated      : 4/11/2008 9:56:05 PM
    TimeWritten        : 4/11/2008 9:56:05 PM
    UserName           :
    Site               :
    Container          :

    Description
    ———–
    This example shows how to display all of the property values of an event.

    The first command gets the newest event from the System event log and saves it in the $a variable.

    The second command uses a pipeline operator (|) to send the event in $a to the Format-List command, which displays all (*) of the event properties.

    ————————– EXAMPLE 9 ————————–

    C:\PS>Get-Eventlog -log application -Source outlook | where {$_.eventID -eq 34}

    Description
    ———–
    This command gets events in the Application event log where the source is Outlook and the event ID is 34. Even though Get-EventLog does not have an EventID parameter, you can use the Where-Object cmdlet to select events based on the value of any event property.

    ————————– EXAMPLE 10 ————————–

    C:\PS>Get-Eventlog -log system -UserName NT* | Group-Object -property username -noelement | Format-Table Count, Name -auto

    Count Name
    ----- ----
     6031 NT AUTHORITY\SYSTEM
       42 NT AUTHORITY\LOCAL SERVICE
        4 NT AUTHORITY\NETWORK SERVICE

    Description
    ———–
    This command returns the events in the system log grouped by the value of their UserName property. The Get-EventLog command uses the UserName parameter to get only events in which the user name begins with “NT*”.

    ————————– EXAMPLE 11 ————————–

    C:\PS>$May31 = Get-Date 5/31/08

    C:\PS> $July1 = Get-Date 7/01/08

    C:\PS> Get-Eventlog -log "Windows PowerShell" -EntryType Error -After $may31 -Before $july1

    Description
    ———–
    This command gets all of the errors in the Windows PowerShell event log that occurred in June 2008.
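
    The filtering and grouping shown in Examples 3, 9 and 11 combine into a common triage query: failed logons (Security event 4625) counted per account and source address. This is an added example, not part of the original help text; it assumes Windows PowerShell 3.0 through 5.1, and the function names, the threshold and the sample entries are constructed. The ReplacementStrings positions used (5 = target user, 6 = target domain, 19 = source address) are those of event 4625 on Windows Vista and later.

```powershell
# Added example: failed-logon triage built on Get-EventLog output.
# Function names, threshold and sample data are constructed for illustration.
function Get-FailedLogonSummary {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Entry,  # EventLogEntry objects
        [int] $Threshold = 3                               # hypothetical alert threshold
    )
    # Event 4625 carries at least 21 replacement strings; shorter entries are skipped.
    $Entry |
        Where-Object { $_.InstanceId -eq 4625 -and $_.ReplacementStrings.Count -gt 19 } |
        ForEach-Object {
            [pscustomobject]@{
                Account = '{0}\{1}' -f $_.ReplacementStrings[6], $_.ReplacementStrings[5]
                Source  = $_.ReplacementStrings[19]
                Time    = $_.TimeGenerated
            }
        } |
        Group-Object -Property Account, Source |
        Where-Object { $_.Count -ge $Threshold } |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            # @() keeps a single-member group indexable as an array.
            $sorted = @($_.Group | Sort-Object -Property Time)
            [pscustomobject]@{
                Count   = $_.Count
                Account = $sorted[0].Account
                Source  = $sorted[0].Source
                First   = $sorted[0].Time
                Last    = $sorted[-1].Time
            }
        }
}

# Constructed look-alike of an EventLogEntry for event 4625, so the example runs offline.
function New-SampleEntry([string] $User, [string] $Ip, [datetime] $When) {
    $strings = @('-') * 21
    $strings[5]  = $User
    $strings[6]  = 'CORP'
    $strings[19] = $Ip
    [pscustomobject]@{ InstanceId = 4625; ReplacementStrings = $strings; TimeGenerated = $When }
}

$t0      = Get-Date '2008-06-15T09:00:00'
$sample  = @(0..3 | ForEach-Object { New-SampleEntry 'alice' '192.0.2.10' ($t0.AddSeconds(20 * $_)) })
$sample += New-SampleEntry 'bob' '198.51.100.7' ($t0.AddMinutes(5))

Get-FailedLogonSummary -Entry $sample | Format-Table -AutoSize

# Live use (reading the Security log requires an elevated session):
# Get-FailedLogonSummary -Entry (Get-EventLog -LogName Security -InstanceId 4625 -After (Get-Date).AddHours(-24))
```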

RELATED LINKS
    Online version: http://go.microsoft.com/fwlink/?LinkID=113314
    Get-WinEvent
    Clear-EventLog
    Limit-EventLog
    New-EventLog
    Remove-EventLog
    Show-EventLog
    Write-EventLog