在交互模式下,这有效:
Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error
现在我想过滤掉某些消息,以下内容未过滤掉所需的字词:
Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error | where-object {$_.$Message -notlike "*Monitis*"}
另外,如何在where-object上添加多个条件?
在我的脚本中,我在-and语句中遇到错误:
$getEventLog = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error
# list of events to exclude
$getEventLogFiltered = $getEventLog | where-object {$_.Message -notlike "Monitis*"
-and $_.Message -notlike "*MQQueueDepthMonitor.exe*"
}
$tableFragment = $getEventLogFiltered | ConvertTo-Html -fragment
错误:
-and : The term '-and' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At D:\scripts\EventLogExtract2.ps1:24 char:40
+ -and $_.Message -notlike "*MQQueueDepthMo ...
+ ~~~~
答案 0 :(得分:4)
在您的第二个代码段中,在“消息”之前删除美元符号。阅读如下。如果您使用的是PowerShell ISE,您会看到“消息”应该是黑色而不是红色。
Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error | where-object {$_.Message -notlike "*Monitis*"}
对于第三个代码段,我在Where-Object过滤器中开始换行之前放置了grave accent。这告诉PowerShell你正在继续一条线而不是开始一条线。此外,在PowerShell ISE中,比较运算符( - 和& -notlike)从蓝色和黑色变为灰色。
$getEventLog = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error
# list of events to exclude
$getEventLogFiltered = $getEventLog | where-object {$_.Message -notlike "Monitis*" `
-and $_.Message -notlike "*MQQueueDepthMonitor.exe*"
}
$tableFragment = $getEventLogFiltered | ConvertTo-Html -fragment
答案 1 :(得分:0)
日期简化:
Enter具有相同的输出
((get-date).addMinutes($minutes*-1))
和相同的输出
((get-date).addMinutes(-1))
此外,我发现(get-date).addMinutes(-1)更有用。