Grep a string from Message in Get-WinEvent

Time: 2017-07-28 14:55:11

Tags: powershell

I have a script that checks event logs from Get-WinEvent, and I need to display the full Get-WinEvent output based on a search string in the Message column.

Is there a way to grep the Message column in Get-WinEvent?

This is the current string

Get-WinEvent -ComputerName $Target_Machine -FilterHashtable $params

2 answers:

Answer 0: (score: 2)

You can pipe the output to Where-Object; see the example below:

$SearchString="AutoConfig"
Get-WinEvent Microsoft-Windows-WLAN-AutoConfig/Operational | Where-Object { $_.Message -like "*$SearchString*" }

Answer 1: (score: 0)

$SearchString="your string"
Get-WinEvent -FilterHashtable @{LogName='Security'} |Where-Object -Property Message -Match $SearchString

Get-WinEvent -FilterHashtable @{LogName='Application'} |Where-Object -Property Message -Match $SearchString

Get-WinEvent -FilterHashtable @{LogName='Setup'} |Where-Object -Property Message -Match $SearchString

Get-WinEvent -FilterHashtable @{LogName='System'} |Where-Object -Property Message -Match $SearchString
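
An added example (not part of the original question or answers) that combines the asker's remote `-FilterHashtable` query with the Message filtering shown in the answers. The function name `Search-EventMessage`, its parameters, and the sample `$params` and `$Target_Machine` values are assumptions made for illustration.

```powershell
# Added example; Search-EventMessage and its parameter names are hypothetical.
function Search-EventMessage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [hashtable] $FilterHashtable,
        [Parameter(Mandatory)] [string]    $SearchString,
        [string] $ComputerName = 'localhost',
        [switch] $Regex   # treat $SearchString as a regular expression
    )

    # -match treats its right-hand side as a regex, so literal text such as
    # "C:\Temp" or "10.0.0.1" must be escaped unless a regex was requested.
    $pattern = if ($Regex) { $SearchString } else { [regex]::Escape($SearchString) }

    try {
        # Time, log and ID filtering happens at the event log service;
        # only the Message text has to be filtered on the client.
        $events = Get-WinEvent -ComputerName $ComputerName `
                               -FilterHashtable $FilterHashtable -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches the hashtable;
        # treat that as an empty result and rethrow anything else.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    # Message is $null when the provider's message template cannot be resolved
    # on the querying machine; $null -match ... is $false, so those are skipped.
    $events | Where-Object { $_.Message -match $pattern }
}

# Constructed sample values: one call covers several logs because LogName
# accepts an array, and StartTime limits how much is pulled over the network.
$Target_Machine = 'localhost'
$params = @{ LogName = 'System', 'Application'; StartTime = (Get-Date).AddDays(-1) }

# Format-List prints the complete Message instead of the truncated table column.
Search-EventMessage -ComputerName $Target_Machine -FilterHashtable $params -SearchString 'AutoConfig' |
    Format-List TimeCreated, LogName, Id, ProviderName, Message
```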