我正在尝试从特定日期捕获日志文件,无论我回去多少天,我都无法获得任何结果。
Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Select Message -ExpandProperty Message | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays('-1')) }
以下是日志文件列表
Message TimeGenerated
------- -------------
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/12/2017 3:58:45 AM
Shutdown has occurred ... 1/12/2017 3:58:45 AM
答案 0 :(得分:1)
您的问题是您使用Select cmdlet展开Message。那么当你尝试过滤TimeGenerated那个属性不存在时。如果您只想要消息,请在过滤后选择。
Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays(-1)) } | Select -ExpandProperty Message