一个简单的问题,但如何在下面的代码中选择一个特定的列?
我只想显示TIME列而不是其他内容。我尝试放入FORMAT_TABLE TIME但它只是在TIME中填充多次而没有实际显示时间..
$server_event = Get-Content -Path "c:\Temp\Servers.txt"
foreach($servers in $server_event)
{
$event = Get-EventLog -computerName $servers -logname system | Where-Object {$_.EventID -eq 6009} | Select -First 1
$event
}
结果:我只想要显示时间栏
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
78858 Jun 01 07:19 Information EventLog 2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.
46221 Jun 01 07:20 Information EventLog 2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.
214480 Jun 01 07:46 Information EventLog 2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.
461238 Jun 01 07:18 Information EventLog 2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.
70889 Jun 01 07:17 Information EventLog 2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.
52397 Jun 01 07:19 Information EventLog 2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Multiprocessor Free.
42219 Jun 01 07:40 Information EventLog 2147489657 Microsoft (R) Windows (R) 5.02. 3790 Service Pack 2 Uniprocessor Free.
答案 0 :(得分:9)
尝试:
$event = Get-EventLog -computerName $servers -logname system | Where-Object {$_.EventID -eq 6009} | Select TimeGenerated -First 1
答案 1 :(得分:2)
您可以通过查看位于DotNetTypes.format.ps1xml目录中的名为$pshome的文件来查看名称如何重新格式化。
如果你搜索System.Diagnostics.EventLogEntry,你会看到以下内容,它将TimeGenerated格式化为时间,显示为{0:MMM} {0:dd} {0:HH}:{0:mm}:
<View>
<Name>System.Diagnostics.EventLogEntry</Name>
<ViewSelectedBy>
<TypeName>System.Diagnostics.EventLogEntry</TypeName>
</ViewSelectedBy>
<TableControl>
<TableHeaders>
<TableColumnHeader>
<Label>Index</Label>
<Alignment>Right</Alignment>
<Width>8</Width>
</TableColumnHeader>
<TableColumnHeader>
<Label>Time</Label>
<Width>13</Width>
</TableColumnHeader>
<TableColumnHeader>
<Label>EntryType</Label>
<Width>11</Width>
</TableColumnHeader>
<TableColumnHeader>
<Label>Source</Label>
<Width>20</Width>
</TableColumnHeader>
<TableColumnHeader>
<Label>InstanceID</Label>
<Alignment>Right</Alignment>
<Width>12</Width>
</TableColumnHeader>
<TableColumnHeader>
<Label>Message</Label>
</TableColumnHeader>
</TableHeaders>
<TableRowEntries>
<TableRowEntry>
<TableColumnItems>
<TableColumnItem>
<PropertyName>Index</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>TimeGenerated</PropertyName>
<FormatString>{0:MMM} {0:dd} {0:HH}:{0:mm}</FormatString>
</TableColumnItem>
<TableColumnItem>
<ScriptBlock>$_.EntryType</ScriptBlock>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Source</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>InstanceID</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Message</PropertyName>
</TableColumnItem>
</TableColumnItems>
</TableRowEntry>
</TableRowEntries>
</TableControl>
</View>
因此,您可以使用TimeGenerated获取时间列,如下所示:
Get-EventLog -LogName System | select TimeGenerated