2

In interactive mode, this works: 

Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error

Now I want to filter out certain messages, the following didn't filter the desired word: 

Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error | where-object  {$_.$Message -notlike "*Monitis*"}

Also, how do I put in multiple conditions on the where-object?

In my script, I'm getting errors on the -and statement: 

$getEventLog = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error 
# list of events to exclude 
$getEventLogFiltered = $getEventLog | where-object {$_.Message -notlike "Monitis*" 
                                       -and $_.Message -notlike "*MQQueueDepthMonitor.exe*"
                                       }
$tableFragment = $getEventLogFiltered | ConvertTo-Html -fragment

Error: 

-and : The term '-and' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At D:\scripts\EventLogExtract2.ps1:24 char:40
+                                        -and $_.Message -notlike "*MQQueueDepthMo ...
+                                        ~~~~
Improve this question
2
  • Today, the first part seems to be working (the -notlike). Maybe I had some other timing issue or problem with the -after clause when I ran it yesterday. Commented Jun 20, 2013 at 16:55
  • Apparently, you cannot put a line break between each -and? It seems to work if I put all my and statements on one line. But this makes the code very hard to read/maintain. I might eventually have 10 -and statements. Perhaps I should just use consecutive pipes? Commented Jun 21, 2013 at 14:07

2 Answers 2

Reset to default
4

In your 2nd code snippet remove the dollar sign right before "Message". Reads like the following. If you're using PowerShell ISE, you'll see that "Message" should be in black instead of red.

Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error | where-object  {$_.Message -notlike "*Monitis*"}

For the 3rd code snippet, I placed a grave accent before starting a newline in the Where-Object filter. This tells PowerShell you're continuing a line instead of beginning a new one. Also, in PowerShell ISE, the comparison operators (-and & -notlike) turn from blue and black to grey.

$getEventLog = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error 
# list of events to exclude 
$getEventLogFiltered = $getEventLog | where-object {$_.Message -notlike "Monitis*" `
                                       -and $_.Message -notlike "*MQQueueDepthMonitor.exe*"
                                       }
$tableFragment = $getEventLogFiltered | ConvertTo-Html -fragment
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Gee Whiz - haven't seen a language in years that needed a continuation character! Ah, I see the extra $ sign now, duh... Thanks
0

Date simplification: ((get-date).addMinutes($minutes*-1)) has the same output of ((get-date).addMinutes(-1)) and the same output of (get-date).addMinutes(-1)

Also I find addDays(-1) to be more useful.

Improve this answer

2 Comments

Nice comment but should not posted as an answer
"You must have 50 reputation to comment" I think was my reasoning to put this as an answer -- I suppose I could have waited.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.