问题描述:

I am using a command that will display the eventlog of a remote machine and filter it by the eventId. What I am trying to do is have it only show me the recent X events. Like 1, 5, 10, however many I specify. I says to use -newest 5 , but when I try to get newest events after filtering them by eventId for example, it won't let me do it

Get-EventLog system -computername c78572 | select eventid,machinename,timewritten | where {$_.eventid -eq 6009} | ft -autosize

Basically I want to display a specific EventID of a remote system, and only show the most recent 5 of them.

网友答案:

If you know the InstanceId of the eventid then you can do:

Get-EventLog system -computername c78572 -InstanceId 2147489657 -Newest 5 

This is the long version:

Get-EventLog system -computername c78572  | 
where {$_.eventid -eq 6009} | 
select eventid,machinename,timewritten -First 5 

Here's another way using the Get-WinEvent cmdlet (the target should be vista and up iirc), which uses the eventid:

Get-WinEvent -FilterHashtable @{LogName='system';Id=6009} -MaxEvents 5
相关阅读:
Top