windows - PowerShell WinEvent FilterHashtable wildcard

问题描述

This is my first time working in PowerShell. I'm trying to filter events based on Date only.

According to the documentation, Logname and Providername accept wildcard characters.

How can I wildcard the Logname ? I have tried *, ** but it does seem to work.

Get-WinEvent -FilterHashtable @{Logname=*; StartTime=$startTime; EndTime=$endTime}

标签： windowspowershellevent-viewer

我不认为你可以。这是我解决它的方法。您甚至不能在事件查看器中执行此操作，即在特定时间内来自所有日志的事件。

Get-WinEvent -ListLog * -EA silentlycontinue | 
foreach { get-winevent -filterhashtable @{logname=$_.logname; starttime='1:55 pm'; 
  endtime='1:58 pm'} -ea 0 }

windows - PowerShell WinEvent FilterHashtable wildcard

问题描述

解决方案

推荐阅读