5

After I encounter an error or issue, I'd like to quickly review events for the last several minutes to see if there is any helpful information. The trouble is, I don't know which particular log might have the events I'm looking for, so I want to just show ALL of them. I want to use PowerShell because opening Event Viewer and creating a filter takes too long, and the faster I can copy and paste a command into PowerShell, the fewer events I'll have to sift through. I don't want to have to note the exact time the event would have taken place, just a relative time.

I know how to get events from a single Windows event log for the last n minutes, for example Get-EventLog -LogName System -After (Get-Date).AddMinutes(-10) | Format-Table -AutoSize -Wrap, but as the documentation says:

-LogName
Specifies the name of one event log. To find the log names use Get-EventLog -List. Wildcard characters are not permitted. This parameter is required.

So my thought is that I could iterate through all log names, running EventLog on each of them and concatenating the results.

Amazon Dies In Darkness
asked Jun 13, 2019 at 16:31

1 Answer

6

Here's a quick command which will iterate each log and show all events which occurred in the last ten minutes sorted by the time they occurred:

Get-EventLog -List `
| %{Get-EventLog -LogName $_.Log -After (Get-Date).AddMinutes(-10) -ErrorAction Ignore} `
| Sort-Object TimeGenerated | Format-Table -AutoSize -Wrap

Or the same thing in one line:

Get-EventLog -List | %{Get-EventLog -LogName $_.Log -After (Get-Date).AddMinutes(-10) -ErrorAction Ignore} | Sort-Object TimeGenerated | Format-Table -AutoSize -Wrap

Get-EventLog uses a Win32 API that is deprecated. The results may not be accurate. Use the Get-WinEvent cmdlet instead.

Get-WinEvent:

Recommended approach - Get-WinEvent works with Microsoft PowerShell and Windows PowerShell (>=v6), and using FilterHashtable is a lot faster than the approach above. See Creating Get-WinEvent queries with FilterHashtable for more examples.

Get-WinEvent -FilterHashtable @{LogName='*';StartTime=(Get-Date).AddMinutes(-10)} | Sort-Object TimeCreated


 
answered Jun 13, 2019 at 16:31
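
An added example, not part of the answer above: the same last-n-minutes query run one log at a time with Get-WinEvent, so that a quiet or unreadable log (for example Security without elevation) does not abort the whole sweep, and a wildcard that expands to a very large number of logs is never sent as one query. The function name Get-RecentEvent and its -Minutes and -Level parameters are assumptions made for illustration.

```powershell
# Added example: Get-RecentEvent and its parameters are hypothetical names.
function Get-RecentEvent {
    [CmdletBinding()]
    param(
        [int]$Minutes = 10,
        # 1=Critical, 2=Error, 3=Warning, 4=Information; empty means all levels
        [int[]]$Level = @()
    )

    $filter = @{ StartTime = (Get-Date).AddMinutes(-$Minutes) }
    if ($Level.Count -gt 0) { $filter.Level = $Level }

    # Only query logs that are enabled and actually hold records.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 }

    $skipped = [System.Collections.Generic.List[string]]::new()
    $events = foreach ($log in $logs) {
        $filter.LogName = $log.LogName
        try {
            Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
        }
        catch {
            # "No events were found" is the normal result for a quiet log;
            # anything else (access denied, unsupported log type) is recorded.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                $skipped.Add("$($log.LogName): $($_.Exception.Message)")
            }
        }
    }

    # Surface gaps in coverage instead of silently hiding them.
    if ($skipped.Count -gt 0) {
        Write-Warning ("Could not read {0} log(s), first: {1}" -f $skipped.Count, $skipped[0])
    }

    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message
}

# All events from the last 10 minutes, oldest first
Get-RecentEvent -Minutes 10 | Format-Table -AutoSize -Wrap

# Only Critical, Error and Warning events from the last 30 minutes
Get-RecentEvent -Minutes 30 -Level 1,2,3 | Format-Table -AutoSize -Wrap
```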
