变量中具有多个 ID 的 Get-WinEvent -FilterHashTable 不起作用
Get-WinEvent -FilterHashTable with multiple IDs in a variable not working
这对我有用:
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = 4625,4740}
(....我期望的结果...)
这个有效:
$EventId = "4625"
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId}
这行不通:
$EventId = "4625,4740"
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId}
错误...
Get-WinEvent : No events were found that match the specified selection criteria.
At line:1 char:13
+ Get-WinEvent <<<< -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventIds}
+ CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
有人可以帮忙吗?
在您的示例中,使用多个 ID,您在做两件不同的事情。
$EventId = "4625,4740" 定义了一个字符串。您的工作示例使用定义为逗号分隔数字的整数数组。
只需将其更改为 $EventId = 4625,4740(删除引号)即可。查看 documentation for Get-WinEvent and the -FilterHashTable 我们看到:
-- ID=<Int32[]>
所以它需要一个数组而不是一个字符串。
这对我有用:
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = 4625,4740}
(....我期望的结果...)
这个有效:
$EventId = "4625"
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId}
这行不通:
$EventId = "4625,4740"
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId}
错误...
Get-WinEvent : No events were found that match the specified selection criteria.
At line:1 char:13
+ Get-WinEvent <<<< -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventIds}
+ CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
有人可以帮忙吗?
在您的示例中,使用多个 ID,您在做两件不同的事情。
$EventId = "4625,4740" 定义了一个字符串。您的工作示例使用定义为逗号分隔数字的整数数组。
只需将其更改为 $EventId = 4625,4740(删除引号)即可。查看 documentation for Get-WinEvent and the -FilterHashTable 我们看到:
-- ID=<Int32[]>
所以它需要一个数组而不是一个字符串。