按日期分类的事件日志
Event Log by date
我正在尝试从特定日期捕获日志文件,但无论返回多少天我都没有得到任何结果。
Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Select Message -ExpandProperty Message | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays('-1')) }
这是日志文件列表
Message TimeGenerated
------- -------------
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/12/2017 3:58:45 AM
Shutdown has occurred ... 1/12/2017 3:58:45 AM
您的问题是您使用 Select cmdlet 来扩展 Message。因此,当您尝试过滤 TimeGenerated 时,属性 不存在。如果您只想要消息,则过滤后 select。
Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays(-1)) } | Select -ExpandProperty Message
我正在尝试从特定日期捕获日志文件,但无论返回多少天我都没有得到任何结果。
Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Select Message -ExpandProperty Message | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays('-1')) }
这是日志文件列表
Message TimeGenerated
------- -------------
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/12/2017 3:58:45 AM
Shutdown has occurred ... 1/12/2017 3:58:45 AM
您的问题是您使用 Select cmdlet 来扩展 Message。因此,当您尝试过滤 TimeGenerated 时,属性 不存在。如果您只想要消息,则过滤后 select。
Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays(-1)) } | Select -ExpandProperty Message