Grep a string from Message in Get-WinEvent

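Question  Votes: 1  Answers: 2

I have a script that checks event logs from Get-WinEvent, and I need to display the full Get-WinEvent output based on a search string in the Message column.

Is there a way to grep the Message column in Get-WinEvent?

This is the current string: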

Get-WinEvent -ComputerName $Target_Machine -FilterHashtable $params
powershell
2 Answers
2
votes

You can pipe the output to Where-Object; see the example below:

$SearchString="AutoConfig"
Get-WinEvent Microsoft-Windows-WLAN-AutoConfig/Operational | Where-Object{$_.Message -like "*$SearchString*"}

0
votes
$SearchString="your string"
Get-WinEvent -FilterHashtable @{LogName='Security'} |Where-Object -Property Message -Match $SearchString

Get-WinEvent -FilterHashtable @{LogName='Application'} |Where-Object -Property Message -Match $SearchString

Get-WinEvent -FilterHashtable @{LogName='Setup'} |Where-Object -Property Message -Match $SearchString

Get-WinEvent -FilterHashtable @{LogName='System'} |Where-Object -Property Message -Match $SearchString
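
A reusable form of the Where-Object filter used in the answers above, as an added example that is not code from either answer. The function name Select-EventByMessage, its parameters and the sample records are assumptions made up here; it separates literal matching from regex matching (-match treats the search string as a regular expression) and skips records whose Message is empty.

```powershell
# Hypothetical helper: pass through whole event records whose Message matches.
function Select-EventByMessage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Record,
        [Parameter(Mandatory)] [string] $Pattern,
        [switch] $SimpleMatch   # treat $Pattern as literal text instead of a regex
    )
    begin {
        # -match is a case-insensitive regex match, so characters such as
        # ( ) . [ ] \ must be escaped when a plain-text search is intended.
        $regex = if ($SimpleMatch) { [regex]::Escape($Pattern) } else { $Pattern }
    }
    process {
        # Message can be $null when the provider's message text cannot be loaded;
        # skip those records instead of matching against an empty value.
        if ($null -ne $Record.Message -and $Record.Message -match $regex) {
            $Record   # emit the full record, not only the Message text
        }
    }
}

# Constructed sample records standing in for Get-WinEvent output (runs offline).
$sample = @(
    [pscustomobject]@{ Id = 8001; Message = 'WLAN AutoConfig service has successfully connected to a wireless network.' }
    [pscustomobject]@{ Id = 4624; Message = 'An account was successfully logged on. Account Name: svc.backup' }
    [pscustomobject]@{ Id = 7036; Message = $null }
    [pscustomobject]@{ Id = 1000; Message = 'Faulting application name: app.exe (build 1.2)' }
)

# Plain substring search, as in the first answer.
$sample | Select-EventByMessage -Pattern 'AutoConfig' | Format-List *

# Literal search for text that contains regex metacharacters.
$sample | Select-EventByMessage -Pattern '(build 1.2)' -SimpleMatch | Format-List *

# Regex search, as Where-Object -Match does in the second answer.
$sample | Select-EventByMessage -Pattern 'Account Name:\s+svc\.\w+' | Format-List *

# Against live logs, using the variables from the question:
# Get-WinEvent -ComputerName $Target_Machine -FilterHashtable $params |
#     Select-EventByMessage -Pattern $SearchString -SimpleMatch | Format-List *
```

Put everything that can be filtered by field (LogName, Id, StartTime) in -FilterHashtable, so that only the remaining events have their Message rendered and compared on the client side.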