Fixes #4018, Fixes #4019. Updated Description and ComputerName parameter for Get-EventLog. (#4059)

* updated content, style

* Updated based on review comments
davidsmatlak authored and sdwheeler committed Mar 26, 2019
1 parent e46ae5b commit 861e078
Showing 4 changed files with 181 additions and 169 deletions.
87 changes: 45 additions & 42 deletions reference/3.0/Microsoft.PowerShell.Management/Get-EventLog.md
@@ -1,5 +1,5 @@
---
ms.date: 1/18/2019
ms.date: 3/26/2019
schema: 2.0.0
locale: en-us
keywords: powershell,cmdlet
Expand All @@ -19,9 +19,10 @@ computers.
### LogName (Default)

```
Get-EventLog [-LogName] <string> [[-InstanceId] <long[]>] [-ComputerName <string[]>] [-Newest
<int>] [-After <datetime>] [-Before <datetime>] [-UserName <string[]>] [-Index <int[]>] [-EntryType
<string[]>] [-Source <string[]>] [-Message <string>] [-AsBaseObject] [<CommonParameters>]
Get-EventLog [-LogName] <string> [[-InstanceId] <long[]>] [-ComputerName <string[]>] [-Newest <int>]
[-After <datetime>] [-Before <datetime>] [-UserName <string[]>] [-Index <int[]>]
[-EntryType <string[]>] [-Source <string[]>] [-Message <string>] [-AsBaseObject]
[<CommonParameters>]
```

### List
Expand All @@ -32,14 +33,16 @@ Get-EventLog [-ComputerName <string[]>] [-List] [-AsString] [<CommonParameters>]

## DESCRIPTION

The `Get-EventLog` cmdlet gets events and event logs on the local and remote computers.
The `Get-EventLog` cmdlet gets events and event logs from local and remote computers. By default,
`Get-EventLog` gets logs from the local computer. To get logs from remote computers, use the
**ComputerName** parameter.

You can use the cmdlet's parameters and property values to search for events. This cmdlet gets
You can use the `Get-EventLog` parameters and property values to search for events. The cmdlet gets
events that match the specified property values.

The cmdlets that contain the EventLog noun work only on classic event logs. To get events from logs
that use the Windows Event Log technology in Windows Vista and later Windows versions, use
`Get-WinEvent`.
PowerShell cmdlets that contain the `EventLog` noun work only on Windows classic event logs such as
Application, System, or Security. To get logs that use the Windows Event Log technology in Windows
Vista and later Windows versions, use `Get-WinEvent`.

## EXAMPLES
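
Review bot: In the last DESCRIPTION paragraph, "To get logs that use the Windows Event Log technology" is less precise than the wording it replaces, "To get events from logs that use the Windows Event Log technology". The first paragraph of the same section still says the cmdlet "gets events and event logs", so the pointer to `Get-WinEvent` should keep "events from logs" to stay consistent with it.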

Expand Down Expand Up @@ -149,16 +152,16 @@ Index Time EntryType Source InstanceID Message
```

The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The
**InstanceID** parameter selects the events with the specified Instance ID. The **Source**
parameter specifies the event property.
**InstanceID** parameter selects the events with the specified Instance ID. The **Source** parameter
specifies the event property.

### Example 6: Get events from multiple computers

This command gets the events from the System event log on three computers: Server01, Server02, and
the local computer known as localhost.
Server03.

```powershell
Get-EventLog -LogName System -ComputerName Server01, Server02, localhost
Get-EventLog -LogName System -ComputerName Server01, Server02, Server03
```

The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The
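
Review bot: The re-wrapped Example 5 explanation still ends with "The **Source** parameter specifies the event property", which does not tell the reader which value is being matched. Since the sentence is touched anyway, consider naming the source value used in the command, the way the Example 9 explanation does with "The **Source** parameter specifies the application name, Outlook".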
Expand All @@ -167,8 +170,8 @@ to get the event logs.

### Example 7: Get all events that include a specific word in the message

This command gets all the events in the System event log that contain a specific word in the
event's message. It's possible that your specified **Message** parameter's value is included in the
This command gets all the events in the System event log that contain a specific word in the event's
message. It's possible that your specified **Message** parameter's value is included in the
message's content but isn't displayed on the PowerShell console.

```powershell
Expand Down Expand Up @@ -217,8 +220,8 @@ Container :
The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System event log. The
**Newest** parameter selects the most recent event object. The object is stored in the `$A`
variable. The object in the `$A` variable is sent down the pipeline to the `Select-Object` cmdlet.
`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the
object's properties.
`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the object's
properties.

### Example 9: Get events from an event log using a source and event ID

Expand All @@ -238,11 +241,11 @@ Outlook 63 1073741887 The Exchange web service request succeeded.
```

The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the Application event log. The
**Source** parameter specifies the application name, Outlook. The objects are sent down the
pipeline to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet
uses the variable `$_.EventID` to compare the Event ID property to the specified value. The objects
are sent down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property**
parameter to select the properties to display in the PowerShell console.
**Source** parameter specifies the application name, Outlook. The objects are sent down the pipeline
to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet uses the
variable `$_.EventID` to compare the Event ID property to the specified value. The objects are sent
down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** parameter to
select the properties to display in the PowerShell console.

### Example 10: Get events and group by a property

Expand All @@ -259,9 +262,9 @@ Count Name
4 NT AUTHORITY\NETWORK SERVICE
```

The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The
**UserName** parameter includes the asterisk (`*`) wildcard to specify a portion of the user name.
The event objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the
The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The **UserName**
parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. The event
objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the
**Property** parameter to specify that the **UserName** property is used to group the objects and
count the number of objects for each user name. The **NoElement** parameter removes the group
members from the output. The objects are sent down the pipeline to the `Select-Object` cmdlet.
Expand Down Expand Up @@ -299,9 +302,9 @@ event type. The date and time range is set by the **After** parameter and `$Begi

### -After

Gets events that occurred after a specified date and time. The **After** parameter date and time
are excluded from the output. Enter a **DateTime** object, such as the value returned by the
`Get-Date` cmdlet.
Gets events that occurred after a specified date and time. The **After** parameter date and time are
excluded from the output. Enter a **DateTime** object, such as the value returned by the `Get-Date`
cmdlet.

```yaml
Type: DateTime
Expand Down Expand Up @@ -372,15 +375,16 @@ Accept wildcard characters: False

### -ComputerName

Specifies a remote computer. If a **ComputerName** is not specified, `Get-EventLog` uses the local
computer.
This parameter specifies a remote computer's NetBIOS name, Internet Protocol (IP) address, or a
fully qualified domain name (FQDN).

Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name (FQDN)
of a remote computer. To specify the local computer, type the computer name, a dot (`.`), or
localhost.
If the **ComputerName** parameter isn't specified, `Get-EventLog` uses the default, which is the
local computer. If you need to specify the local computer, the parameter accepts a dot (`.`), the
loopback IP **127.0.0.1**, or **localhost**.

This parameter does not rely on Windows PowerShell remoting. You can use the **ComputerName**
parameter of `Get-EventLog` even if your computer is not configured to run remote commands.
The **ComputerName** parameter doesn't rely on Windows PowerShell remoting. You can use
`Get-EventLog` with the **ComputerName** parameter even if your computer is not configured to run
remote commands.

```yaml
Type: String[]
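
Review bot: The rewritten second paragraph of -ComputerName lists a dot (`.`), **127.0.0.1** and **localhost** as ways to name the local computer, but it drops "the computer name", which the replaced text listed first. If the local machine's own name is still accepted, keep it in the list; if the removal is deliberate, the commit message should say why.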
Expand Down Expand Up @@ -421,8 +425,8 @@ Accept wildcard characters: False

### -Index

Specifies the index values to get from the event log. The parameter accepts a comma-separated
string of values.
Specifies the index values to get from the event log. The parameter accepts a comma-separated string
of values.

```yaml
Type: int[]
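
Review bot: The -Index description is only re-wrapped, but "accepts a comma-separated string of values" conflicts with the `Type: int[]` line directly below it. While the paragraph is being edited, "a comma-separated list of index values" would match the declared type.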
Expand All @@ -438,8 +442,8 @@ Accept wildcard characters: False

### -InstanceId

Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated
string of values.
Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated string
of values.

```yaml
Type: long[]
Expand Down Expand Up @@ -540,7 +544,7 @@ Accept wildcard characters: True
### -UserName

Specifies, as a string array, user names that are associated with events. Enter names or name
patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted.
patterns, such as `User01`, `User*`, or `Domain01\User*`. Wildcards are permitted.

```yaml
Type: String[]
Expand All @@ -558,8 +562,7 @@ Accept wildcard characters: True

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose,
-WarningAction, and -WarningVariable. For more information, see
[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
-WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).

## INPUTS
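
Review bot: Joining the `about_CommonParameters` link onto the "-WarningAction, and -WarningVariable. For more information, see" line makes that line far longer than the roughly 100-column wrap every other hunk in this commit is re-flowed to. The link was already unbroken on its own line before the change, so if the join is not required by the build, leaving the link on its own line keeps the file consistent.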

87 changes: 45 additions & 42 deletions reference/4.0/Microsoft.PowerShell.Management/Get-EventLog.md
@@ -1,5 +1,5 @@
---
ms.date: 1/18/2019
ms.date: 3/26/2019
schema: 2.0.0
locale: en-us
keywords: powershell,cmdlet
Expand All @@ -19,9 +19,10 @@ computers.
### LogName (Default)

```
Get-EventLog [-LogName] <string> [[-InstanceId] <long[]>] [-ComputerName <string[]>] [-Newest
<int>] [-After <datetime>] [-Before <datetime>] [-UserName <string[]>] [-Index <int[]>] [-EntryType
<string[]>] [-Source <string[]>] [-Message <string>] [-AsBaseObject] [<CommonParameters>]
Get-EventLog [-LogName] <string> [[-InstanceId] <long[]>] [-ComputerName <string[]>] [-Newest <int>]
[-After <datetime>] [-Before <datetime>] [-UserName <string[]>] [-Index <int[]>]
[-EntryType <string[]>] [-Source <string[]>] [-Message <string>] [-AsBaseObject]
[<CommonParameters>]
```

### List
Expand All @@ -32,14 +33,16 @@ Get-EventLog [-ComputerName <string[]>] [-List] [-AsString] [<CommonParameters>]

## DESCRIPTION

The `Get-EventLog` cmdlet gets events and event logs on the local and remote computers.
The `Get-EventLog` cmdlet gets events and event logs from local and remote computers. By default,
`Get-EventLog` gets logs from the local computer. To get logs from remote computers, use the
**ComputerName** parameter.

You can use the cmdlet's parameters and property values to search for events. This cmdlet gets
You can use the `Get-EventLog` parameters and property values to search for events. The cmdlet gets
events that match the specified property values.

The cmdlets that contain the EventLog noun work only on classic event logs. To get events from logs
that use the Windows Event Log technology in Windows Vista and later Windows versions, use
`Get-WinEvent`.
PowerShell cmdlets that contain the `EventLog` noun work only on Windows classic event logs such as
Application, System, or Security. To get logs that use the Windows Event Log technology in Windows
Vista and later Windows versions, use `Get-WinEvent`.

## EXAMPLES

Expand Down Expand Up @@ -149,16 +152,16 @@ Index Time EntryType Source InstanceID Message
```

The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The
**InstanceID** parameter selects the events with the specified Instance ID. The **Source**
parameter specifies the event property.
**InstanceID** parameter selects the events with the specified Instance ID. The **Source** parameter
specifies the event property.

### Example 6: Get events from multiple computers

This command gets the events from the System event log on three computers: Server01, Server02, and
the local computer known as localhost.
Server03.

```powershell
Get-EventLog -LogName System -ComputerName Server01, Server02, localhost
Get-EventLog -LogName System -ComputerName Server01, Server02, Server03
```

The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The
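
Review bot: The Example 5 explanation is re-wrapped but still spells the parameter "**InstanceID**", while the SYNTAX block (`[[-InstanceId] <long[]>]`) and the parameter heading (`### -InstanceId`) use "InstanceId". Align the casing in this sentence with the syntax block while the line is being changed.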
Expand All @@ -167,8 +170,8 @@ to get the event logs.

### Example 7: Get all events that include a specific word in the message

This command gets all the events in the System event log that contain a specific word in the
event's message. It's possible that your specified **Message** parameter's value is included in the
This command gets all the events in the System event log that contain a specific word in the event's
message. It's possible that your specified **Message** parameter's value is included in the
message's content but isn't displayed on the PowerShell console.

```powershell
Expand Down Expand Up @@ -217,8 +220,8 @@ Container :
The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System event log. The
**Newest** parameter selects the most recent event object. The object is stored in the `$A`
variable. The object in the `$A` variable is sent down the pipeline to the `Select-Object` cmdlet.
`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the
object's properties.
`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the object's
properties.

### Example 9: Get events from an event log using a source and event ID

Expand All @@ -238,11 +241,11 @@ Outlook 63 1073741887 The Exchange web service request succeeded.
```

The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the Application event log. The
**Source** parameter specifies the application name, Outlook. The objects are sent down the
pipeline to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet
uses the variable `$_.EventID` to compare the Event ID property to the specified value. The objects
are sent down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property**
parameter to select the properties to display in the PowerShell console.
**Source** parameter specifies the application name, Outlook. The objects are sent down the pipeline
to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet uses the
variable `$_.EventID` to compare the Event ID property to the specified value. The objects are sent
down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** parameter to
select the properties to display in the PowerShell console.

### Example 10: Get events and group by a property

Expand All @@ -259,9 +262,9 @@ Count Name
4 NT AUTHORITY\NETWORK SERVICE
```

The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The
**UserName** parameter includes the asterisk (`*`) wildcard to specify a portion of the user name.
The event objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the
The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The **UserName**
parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. The event
objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the
**Property** parameter to specify that the **UserName** property is used to group the objects and
count the number of objects for each user name. The **NoElement** parameter removes the group
members from the output. The objects are sent down the pipeline to the `Select-Object` cmdlet.
Expand Down Expand Up @@ -299,9 +302,9 @@ event type. The date and time range is set by the **After** parameter and `$Begi

### -After

Gets events that occurred after a specified date and time. The **After** parameter date and time
are excluded from the output. Enter a **DateTime** object, such as the value returned by the
`Get-Date` cmdlet.
Gets events that occurred after a specified date and time. The **After** parameter date and time are
excluded from the output. Enter a **DateTime** object, such as the value returned by the `Get-Date`
cmdlet.

```yaml
Type: DateTime
Expand Down Expand Up @@ -372,15 +375,16 @@ Accept wildcard characters: False

### -ComputerName

Specifies a remote computer. If a **ComputerName** is not specified, `Get-EventLog` uses the local
computer.
This parameter specifies a remote computer's NetBIOS name, Internet Protocol (IP) address, or a
fully qualified domain name (FQDN).

Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name (FQDN)
of a remote computer. To specify the local computer, type the computer name, a dot (`.`), or
localhost.
If the **ComputerName** parameter isn't specified, `Get-EventLog` uses the default, which is the
local computer. If you need to specify the local computer, the parameter accepts a dot (`.`), the
loopback IP **127.0.0.1**, or **localhost**.

This parameter does not rely on Windows PowerShell remoting. You can use the **ComputerName**
parameter of `Get-EventLog` even if your computer is not configured to run remote commands.
The **ComputerName** parameter doesn't rely on Windows PowerShell remoting. You can use
`Get-EventLog` with the **ComputerName** parameter even if your computer is not configured to run
remote commands.

```yaml
Type: String[]
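
Review bot: The new opening sentence of -ComputerName describes "a remote computer's NetBIOS name", singular, although the type below is `String[]` and Example 6 passes three names. Wording such as "one or more remote computers" would match the type. In the third paragraph, "is not configured" also mixes with the contractions ("isn't", "doesn't") introduced elsewhere in the same section.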
Expand Down Expand Up @@ -421,8 +425,8 @@ Accept wildcard characters: False

### -Index

Specifies the index values to get from the event log. The parameter accepts a comma-separated
string of values.
Specifies the index values to get from the event log. The parameter accepts a comma-separated string
of values.

```yaml
Type: int[]
Expand All @@ -438,8 +442,8 @@ Accept wildcard characters: False

### -InstanceId

Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated
string of values.
Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated string
of values.

```yaml
Type: long[]
Expand Down Expand Up @@ -540,7 +544,7 @@ Accept wildcard characters: True
### -UserName

Specifies, as a string array, user names that are associated with events. Enter names or name
patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted.
patterns, such as `User01`, `User*`, or `Domain01\User*`. Wildcards are permitted.

```yaml
Type: String[]
Expand All @@ -558,8 +562,7 @@ Accept wildcard characters: True

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose,
-WarningAction, and -WarningVariable. For more information, see
[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).
-WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).

## INPUTS
