我有一个脚本来检查来自get-winevent的事件日志,我需要根据消息列中的搜索字符串显示get-winevent输出的完整结果。
有没有办法在get-winevent
这是当前的字符串
Get-WinEvent -ComputerName $Target_Machine -FilterHashtable $params
答案 0 :(得分:2)
您可以将输出传递给Where-object,请参阅下面的示例:
$SearchString="AutoConfig"
Get-WinEvent Microsoft-Windows-WLAN-AutoConfig/Operational | Where-Object{$_.Message -like "*$SearchString*"}
答案 1 :(得分:0)
$SearchString="your sting"
Get-WinEvent -FilterHashtable @{LogName='Security'} |Where-Object -Property Message -Match $SearchString
Get-WinEvent -FilterHashtable @{LogName='Application'} |Where-Object -Property Message -Match $SearchString
Get-WinEvent -FilterHashtable @{LogName='Setup'} |Where-Object -Property Message -Match $SearchString
Get-WinEvent -FilterHashtable @{LogName='System'} |Where-Object -Property Message -Match $SearchString