Easily Filter Event Logs with XML and the GUI!
Nifty little trick i picked up, that i thought was worth sharing,
If you regularly query the Event Log and want to build up a specific query to re-run. This is a really easy way to get the XML from the Event Viewer
For my example I want to see all the Warnings and Errors in the last 24 hours in the Application Log.
First Open the Event Viewer and Select Application:
Next select “Filter Current Log…” which opens a new window, and configure it what you want to view.
Next click on the XML Tab.
Copy the text and paste it into PowerShell.
$XMLQuery = @" <QueryList> <Query Id="0" Path="Application"> <Select Path="Application">*[System[(Level=2 or Level=3) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select> </Query> </QueryList> "@ Get-WinEvent -FilterXml $XMLQuery