Nifty little trick I picked up that I thought was worth sharing.

If you regularly query the Event Log and want to build up a specific query to re-run, this is a really easy way to get the XML from the Event Viewer.

For my example I want to see all the Warnings and Errors in the last 24 hours in the Application Log.

First, open the Event Viewer and select Application.


Next, select “Filter Current Log…”, which opens a new window, and configure it for what you want to view.


Next click on the XML Tab.


Copy the text and paste it into PowerShell.

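# Level 2 = Error, Level 3 = Warning; 86400000 ms = 24 hours.
# Inside the XML the comparison must be written as &lt;= (a raw < is not valid XML).
$XMLQuery = @"
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
"@

Get-WinEvent -FilterXml $XMLQuery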

And there you go, a quick way to get PowerShell filtering with XML.
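
To make the copied query re-runnable against other logs, levels and time windows, the same XML can be generated from parameters. This is an added example, not code from the original post; the function name Get-RecentLogProblem and its parameters are hypothetical.

```powershell
# Added example: hypothetical helper, not from the original post.
function Get-RecentLogProblem {
    [CmdletBinding()]
    param(
        [string]$LogName = 'Application',
        [ValidateRange(1, 5)]
        [int[]]$Level = @(2, 3),          # 2 = Error, 3 = Warning
        [ValidateRange(1, 720)]
        [int]$Hours = 24
    )

    # Event Viewer expresses the time window in milliseconds.
    $windowMs  = [int64]$Hours * 60 * 60 * 1000
    $levelExpr = ($Level | ForEach-Object { "Level=$_" }) -join ' or '

    # Escape the log name so it cannot break out of the XML attribute.
    $safeLog = [System.Security.SecurityElement]::Escape($LogName)

    # '&lt;=' is required: a raw '<' inside the Select text is not valid XML.
    $xml = @"
<QueryList>
  <Query Id="0" Path="$safeLog">
    <Select Path="$safeLog">*[System[($levelExpr) and TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]</Select>
  </Query>
</QueryList>
"@

    try {
        Get-WinEvent -FilterXml $xml -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

# Summarise which providers and event IDs produced the most warnings and errors.
Get-RecentLogProblem -Hours 24 |
    Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name
```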
