
I am trying to filter out some EventIDs from Get-EventLog like this:

...More code here
Get-EventLog -LogName $_ -EntryType Warning,Error | 
Where-Object {$_.EventID -ne '0|1|2|3|4|7|8|9|10|14|15|17...'}

However, I am running into trouble with the comparator: using -ne simply does not filter anything out, and if I use -notmatch, it returns only one result, and I have confirmed there are a lot that it's skipping. Not sure what I am missing and why -ne is not working at all. Any help is appreciated! Thanks a lot in advance!

  • I guess you want to use -in 0,1,2, ... Commented Feb 18, 2021 at 9:21
  • Hey, that did it, thank you! I had tried -notin before but it didn't occur to me to separate it with "," and it didn't work but also did not give me an error. Commented Feb 18, 2021 at 9:32
  • Get-EventLog is terribly slow. You might want to use Get-WinEvent for speedy results. Here is a small example of a script I made to create an overview of user logons (Eventid 2) and logoffs (Eventid 3) for the last 30 days: Get-WinEvent -FilterHashtable @{logname = "Microsoft-Windows-User Profile Service/Operational"; id = 2, 3; StartTime = (Get-Date).AddDays(-30) }. This should get you in the right direction. Commented Feb 18, 2021 at 9:36
  • Yeah, I am realizing now it's taking quite a while. But I need to filter EventIDs out, and Get-WinEvent seems to need to go into XML properties (like Get-EventLog replacement strings) to do that. I will see if I can't manage the waiting though, thank you! Commented Feb 18, 2021 at 10:28

1 Answer


Your current code:

$_.EventID -ne '0|1|2|3|4|7|8|9|10|14|15|17...'

is currently checking if the ID is literally 0|1|2|3|4|7|8|9|10|14|15|17....

To check if the ID is one of the values specified, you need to use the -in operator, as suggested in the comments:

$_.EventID -in @(0, 1, 2, 3)

For future reference, please check about_Comparison_Operators from the PowerShell documentation.
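How each comparison discussed in this thread treats the same records, with -notin as the exclusion form of the operator above, shown as an added example that is not part of the original posts. The sample records and the shortened ID list are constructed, and the 'System' log name in the final comment is an assumption.

```powershell
# Constructed sample records standing in for Get-EventLog output
# (EventID is an Int32 on the real objects as well).
$events = 1, 5, 7, 17, 41, 56, 1074, 6008 | ForEach-Object {
    [pscustomobject]@{ EventID = [int]$_; EntryType = 'Error' }
}

# IDs to exclude from triage (constructed, shortened list).
$excludeIds = 0, 1, 2, 3, 4, 7, 8, 9, 10, 14, 15, 17
$pattern    = $excludeIds -join '|'          # '0|1|2|3|4|7|...'

$results = [ordered]@{
    # -ne against one string: no integer ID equals the text '0|1|2|...',
    # so the test is true for every record and nothing is filtered.
    'ne string'        = $events | Where-Object { $_.EventID -ne $pattern }

    # -notmatch, unanchored: the ID is converted to text and dropped when any
    # alternative appears anywhere in it (41 contains '4', 6008 contains '0'),
    # which silently discards IDs that were never on the list.
    'notmatch'         = $events | Where-Object { $_.EventID -notmatch $pattern }

    # -notmatch, anchored: only whole-ID matches are excluded.
    'notmatch ^(...)$' = $events | Where-Object { $_.EventID -notmatch "^($pattern)$" }

    # -notin with an array: integer membership test, no regex involved.
    'notin array'      = $events | Where-Object { $_.EventID -notin $excludeIds }
}

# Print which IDs each variant lets through.
foreach ($name in $results.Keys) {
    '{0,-18} kept: {1}' -f $name, (@($results[$name]).EventID -join ', ')
}

# A filter that passes everything, or drops unlisted IDs, gives no error,
# so compare the kept count against the input count before trusting it.
'{0} of {1} records kept by -notin' -f @($results['notin array']).Count, $events.Count

# The same exclusion on live data with the faster cmdlet from the comments
# (Level 2 = Error, 3 = Warning; the log name is an assumption):
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2, 3 } |
#     Where-Object { $_.Id -notin $excludeIds }
```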
