From 861e078b76d0e627a8c2f8415f39e2404eb6f531 Mon Sep 17 00:00:00 2001 From: David Smatlak Date: Tue, 26 Mar 2019 15:02:59 -0700 Subject: [PATCH] Fixes #4018, Fixes #4019. Updated Description and ComputerName parameter for Get-EventLog. (#4059) * updated content, style * Updated based on review comments --- .../Get-EventLog.md | 87 +++++++++--------- .../Get-EventLog.md | 87 +++++++++--------- .../Get-EventLog.md | 88 ++++++++++--------- .../Get-EventLog.md | 88 ++++++++++--------- 4 files changed, 181 insertions(+), 169 deletions(-) diff --git a/reference/3.0/Microsoft.PowerShell.Management/Get-EventLog.md b/reference/3.0/Microsoft.PowerShell.Management/Get-EventLog.md index 61ba96022612..bc8118af7423 100644 --- a/reference/3.0/Microsoft.PowerShell.Management/Get-EventLog.md +++ b/reference/3.0/Microsoft.PowerShell.Management/Get-EventLog.md @@ -1,5 +1,5 @@ --- -ms.date: 1/18/2019 +ms.date: 3/26/2019 schema: 2.0.0 locale: en-us keywords: powershell,cmdlet @@ -19,9 +19,10 @@ computers. ### LogName (Default) ``` -Get-EventLog [-LogName] [[-InstanceId] ] [-ComputerName ] [-Newest -] [-After ] [-Before ] [-UserName ] [-Index ] [-EntryType -] [-Source ] [-Message ] [-AsBaseObject] [] +Get-EventLog [-LogName] [[-InstanceId] ] [-ComputerName ] [-Newest ] +[-After ] [-Before ] [-UserName ] [-Index ] +[-EntryType ] [-Source ] [-Message ] [-AsBaseObject] +[] ``` ### List 
@@ -32,14 +33,16 @@ Get-EventLog [-ComputerName ] [-List] [-AsString] [] ## DESCRIPTION -The `Get-EventLog` cmdlet gets events and event logs on the local and remote computers. +The `Get-EventLog` cmdlet gets events and event logs from local and remote computers. By default, +`Get-EventLog` gets logs from the local computer. To get logs from remote computers, use the +**ComputerName** parameter. -You can use the cmdlet's parameters and property values to search for events. This cmdlet gets +You can use the `Get-EventLog` parameters and property values to search for events. The cmdlet gets events that match the specified property values. -The cmdlets that contain the EventLog noun work only on classic event logs. To get events from logs -that use the Windows Event Log technology in Windows Vista and later Windows versions, use -`Get-WinEvent`. +PowerShell cmdlets that contain the `EventLog` noun work only on Windows classic event logs such as +Application, System, or Security. To get logs that use the Windows Event Log technology in Windows +Vista and later Windows versions, use `Get-WinEvent`. ## EXAMPLES 
@@ -149,16 +152,16 @@ Index Time EntryType Source InstanceID Message ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The -**InstanceID** parameter selects the events with the specified Instance ID. The **Source** -parameter specifies the event property. +**InstanceID** parameter selects the events with the specified Instance ID. The **Source** parameter +specifies the event property. ### Example 6: Get events from multiple computers This command gets the events from the System event log on three computers: Server01, Server02, and -the local computer known as localhost. +Server03. ```powershell -Get-EventLog -LogName System -ComputerName Server01, Server02, localhost +Get-EventLog -LogName System -ComputerName Server01, Server02, Server03 ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The @@ -167,8 +170,8 @@ to get the event logs. ### Example 7: Get all events that include a specific word in the message -This command gets all the events in the System event log that contain a specific word in the -event's message. It's possible that your specified **Message** parameter's value is included in the +This command gets all the events in the System event log that contain a specific word in the event's +message. It's possible that your specified **Message** parameter's value is included in the message's content but isn't displayed on the PowerShell console. ```powershell 
@@ -217,8 +220,8 @@ Container : The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System event log. The **Newest** parameter selects the most recent event object. The object is stored in the `$A` variable. The object in the `$A` variable is sent down the pipeline to the `Select-Object` cmdlet. -`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the -object's properties. +`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the object's +properties. ### Example 9: Get events from an event log using a source and event ID @@ -238,11 +241,11 @@ Outlook 63 1073741887 The Exchange web service request succeeded. ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the Application event log. The -**Source** parameter specifies the application name, Outlook. The objects are sent down the -pipeline to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet -uses the variable `$_.EventID` to compare the Event ID property to the specified value. The objects -are sent down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** -parameter to select the properties to display in the PowerShell console. +**Source** parameter specifies the application name, Outlook. The objects are sent down the pipeline +to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet uses the +variable `$_.EventID` to compare the Event ID property to the specified value. The objects are sent +down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** parameter to +select the properties to display in the PowerShell console. ### Example 10: Get events and group by a property 
@@ -259,9 +262,9 @@ Count Name 4 NT AUTHORITY\NETWORK SERVICE ``` -The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The -**UserName** parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. -The event objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the +The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The **UserName** +parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. The event +objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the **Property** parameter to specify that the **UserName** property is used to group the objects and count the number of objects for each user name. The **NoElement** parameter removes the group members from the output. The objects are sent down the pipeline to the `Select-Object` cmdlet. @@ -299,9 +302,9 @@ event type. The date and time range is set by the **After** parameter and `$Begi ### -After -Gets events that occurred after a specified date and time. The **After** parameter date and time -are excluded from the output. Enter a **DateTime** object, such as the value returned by the -`Get-Date` cmdlet. +Gets events that occurred after a specified date and time. The **After** parameter date and time are +excluded from the output. Enter a **DateTime** object, such as the value returned by the `Get-Date` +cmdlet. ```yaml Type: DateTime 
@@ -372,15 +375,16 @@ Accept wildcard characters: False ### -ComputerName -Specifies a remote computer. If a **ComputerName** is not specified, `Get-EventLog` uses the local -computer. +This parameter specifies a remote computer's NetBIOS name, Internet Protocol (IP) address, or a +fully qualified domain name (FQDN). -Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name (FQDN) -of a remote computer. To specify the local computer, type the computer name, a dot (`.`), or -localhost. +If the **ComputerName** parameter isn't specified, `Get-EventLog` uses the default, which is the +local computer. If you need to specify the local computer, the parameter accepts a dot (`.`), the +loopback IP **127.0.0.1**, or **localhost**. -This parameter does not rely on Windows PowerShell remoting. You can use the **ComputerName** -parameter of `Get-EventLog` even if your computer is not configured to run remote commands. +The **ComputerName** parameter doesn't rely on Windows PowerShell remoting. You can use +`Get-EventLog` with the **ComputerName** parameter even if your computer is not configured to run +remote commands. ```yaml Type: String[] @@ -421,8 +425,8 @@ Accept wildcard characters: False ### -Index -Specifies the index values to get from the event log. The parameter accepts a comma-separated -string of values. +Specifies the index values to get from the event log. The parameter accepts a comma-separated string +of values. ```yaml Type: int[] @@ -438,8 +442,8 @@ Accept wildcard characters: False ### -InstanceId -Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated -string of values. +Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated string +of values. ```yaml Type: long[] 
@@ -540,7 +544,7 @@ Accept wildcard characters: True ### -UserName Specifies, as a string array, user names that are associated with events. Enter names or name -patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted. +patterns, such as `User01`, `User*`, or `Domain01\User*`. Wildcards are permitted. ```yaml Type: String[] @@ -558,8 +562,7 @@ Accept wildcard characters: True This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, --WarningAction, and -WarningVariable. For more information, see -[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +-WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS diff --git a/reference/4.0/Microsoft.PowerShell.Management/Get-EventLog.md b/reference/4.0/Microsoft.PowerShell.Management/Get-EventLog.md index 4b660ee40d18..5ee4ff8e84b9 100644 --- a/reference/4.0/Microsoft.PowerShell.Management/Get-EventLog.md +++ b/reference/4.0/Microsoft.PowerShell.Management/Get-EventLog.md @@ -1,5 +1,5 @@ --- -ms.date: 1/18/2019 +ms.date: 3/26/2019 schema: 2.0.0 locale: en-us keywords: powershell,cmdlet @@ -19,9 +19,10 @@ computers. ### LogName (Default) ``` -Get-EventLog [-LogName] [[-InstanceId] ] [-ComputerName ] [-Newest -] [-After ] [-Before ] [-UserName ] [-Index ] [-EntryType -] [-Source ] [-Message ] [-AsBaseObject] [] +Get-EventLog [-LogName] [[-InstanceId] ] [-ComputerName ] [-Newest ] +[-After ] [-Before ] [-UserName ] [-Index ] +[-EntryType ] [-Source ] [-Message ] [-AsBaseObject] +[] ``` ### List 
@@ -32,14 +33,16 @@ Get-EventLog [-ComputerName ] [-List] [-AsString] [] ## DESCRIPTION -The `Get-EventLog` cmdlet gets events and event logs on the local and remote computers. +The `Get-EventLog` cmdlet gets events and event logs from local and remote computers. By default, +`Get-EventLog` gets logs from the local computer. To get logs from remote computers, use the +**ComputerName** parameter. -You can use the cmdlet's parameters and property values to search for events. This cmdlet gets +You can use the `Get-EventLog` parameters and property values to search for events. The cmdlet gets events that match the specified property values. -The cmdlets that contain the EventLog noun work only on classic event logs. To get events from logs -that use the Windows Event Log technology in Windows Vista and later Windows versions, use -`Get-WinEvent`. +PowerShell cmdlets that contain the `EventLog` noun work only on Windows classic event logs such as +Application, System, or Security. To get logs that use the Windows Event Log technology in Windows +Vista and later Windows versions, use `Get-WinEvent`. ## EXAMPLES 
@@ -149,16 +152,16 @@ Index Time EntryType Source InstanceID Message ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The -**InstanceID** parameter selects the events with the specified Instance ID. The **Source** -parameter specifies the event property. +**InstanceID** parameter selects the events with the specified Instance ID. The **Source** parameter +specifies the event property. ### Example 6: Get events from multiple computers This command gets the events from the System event log on three computers: Server01, Server02, and -the local computer known as localhost. +Server03. ```powershell -Get-EventLog -LogName System -ComputerName Server01, Server02, localhost +Get-EventLog -LogName System -ComputerName Server01, Server02, Server03 ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The @@ -167,8 +170,8 @@ to get the event logs. ### Example 7: Get all events that include a specific word in the message -This command gets all the events in the System event log that contain a specific word in the -event's message. It's possible that your specified **Message** parameter's value is included in the +This command gets all the events in the System event log that contain a specific word in the event's +message. It's possible that your specified **Message** parameter's value is included in the message's content but isn't displayed on the PowerShell console. ```powershell 
@@ -217,8 +220,8 @@ Container : The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System event log. The **Newest** parameter selects the most recent event object. The object is stored in the `$A` variable. The object in the `$A` variable is sent down the pipeline to the `Select-Object` cmdlet. -`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the -object's properties. +`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the object's +properties. ### Example 9: Get events from an event log using a source and event ID @@ -238,11 +241,11 @@ Outlook 63 1073741887 The Exchange web service request succeeded. ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the Application event log. The -**Source** parameter specifies the application name, Outlook. The objects are sent down the -pipeline to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet -uses the variable `$_.EventID` to compare the Event ID property to the specified value. The objects -are sent down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** -parameter to select the properties to display in the PowerShell console. +**Source** parameter specifies the application name, Outlook. The objects are sent down the pipeline +to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet uses the +variable `$_.EventID` to compare the Event ID property to the specified value. The objects are sent +down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** parameter to +select the properties to display in the PowerShell console. ### Example 10: Get events and group by a property 
@@ -259,9 +262,9 @@ Count Name 4 NT AUTHORITY\NETWORK SERVICE ``` -The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The -**UserName** parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. -The event objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the +The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The **UserName** +parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. The event +objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the **Property** parameter to specify that the **UserName** property is used to group the objects and count the number of objects for each user name. The **NoElement** parameter removes the group members from the output. The objects are sent down the pipeline to the `Select-Object` cmdlet. @@ -299,9 +302,9 @@ event type. The date and time range is set by the **After** parameter and `$Begi ### -After -Gets events that occurred after a specified date and time. The **After** parameter date and time -are excluded from the output. Enter a **DateTime** object, such as the value returned by the -`Get-Date` cmdlet. +Gets events that occurred after a specified date and time. The **After** parameter date and time are +excluded from the output. Enter a **DateTime** object, such as the value returned by the `Get-Date` +cmdlet. ```yaml Type: DateTime 
@@ -372,15 +375,16 @@ Accept wildcard characters: False ### -ComputerName -Specifies a remote computer. If a **ComputerName** is not specified, `Get-EventLog` uses the local -computer. +This parameter specifies a remote computer's NetBIOS name, Internet Protocol (IP) address, or a +fully qualified domain name (FQDN). -Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name (FQDN) -of a remote computer. To specify the local computer, type the computer name, a dot (`.`), or -localhost. +If the **ComputerName** parameter isn't specified, `Get-EventLog` uses the default, which is the +local computer. If you need to specify the local computer, the parameter accepts a dot (`.`), the +loopback IP **127.0.0.1**, or **localhost**. -This parameter does not rely on Windows PowerShell remoting. You can use the **ComputerName** -parameter of `Get-EventLog` even if your computer is not configured to run remote commands. +The **ComputerName** parameter doesn't rely on Windows PowerShell remoting. You can use +`Get-EventLog` with the **ComputerName** parameter even if your computer is not configured to run +remote commands. ```yaml Type: String[] @@ -421,8 +425,8 @@ Accept wildcard characters: False ### -Index -Specifies the index values to get from the event log. The parameter accepts a comma-separated -string of values. +Specifies the index values to get from the event log. The parameter accepts a comma-separated string +of values. ```yaml Type: int[] @@ -438,8 +442,8 @@ Accept wildcard characters: False ### -InstanceId -Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated -string of values. +Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated string +of values. ```yaml Type: long[] 
@@ -540,7 +544,7 @@ Accept wildcard characters: True ### -UserName Specifies, as a string array, user names that are associated with events. Enter names or name -patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted. +patterns, such as `User01`, `User*`, or `Domain01\User*`. Wildcards are permitted. ```yaml Type: String[] @@ -558,8 +562,7 @@ Accept wildcard characters: True This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, --WarningAction, and -WarningVariable. For more information, see -[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +-WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS diff --git a/reference/5.0/Microsoft.PowerShell.Management/Get-EventLog.md b/reference/5.0/Microsoft.PowerShell.Management/Get-EventLog.md index afcdc109c26a..cbed898c33ca 100644 --- a/reference/5.0/Microsoft.PowerShell.Management/Get-EventLog.md +++ b/reference/5.0/Microsoft.PowerShell.Management/Get-EventLog.md @@ -1,5 +1,5 @@ --- -ms.date: 1/18/2019 +ms.date: 3/26/2019 schema: 2.0.0 locale: en-us keywords: powershell,cmdlet @@ -7,6 +7,7 @@ online version: http://go.microsoft.com/fwlink/?LinkId=821585 external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml title: Get-EventLog --- + # Get-EventLog ## SYNOPSIS @@ -18,9 +19,10 @@ computers. ### LogName (Default) ``` -Get-EventLog [-LogName] [[-InstanceId] ] [-ComputerName ] [-Newest -] [-After ] [-Before ] [-UserName ] [-Index ] [-EntryType -] [-Source ] [-Message ] [-AsBaseObject] [] +Get-EventLog [-LogName] [[-InstanceId] ] [-ComputerName ] [-Newest ] +[-After ] [-Before ] [-UserName ] [-Index ] +[-EntryType ] [-Source ] [-Message ] [-AsBaseObject] +[] ``` ### List 
@@ -31,14 +33,16 @@ Get-EventLog [-ComputerName ] [-List] [-AsString] [] ## DESCRIPTION -The `Get-EventLog` cmdlet gets events and event logs on the local and remote computers. +The `Get-EventLog` cmdlet gets events and event logs from local and remote computers. By default, +`Get-EventLog` gets logs from the local computer. To get logs from remote computers, use the +**ComputerName** parameter. -You can use the cmdlet's parameters and property values to search for events. This cmdlet gets +You can use the `Get-EventLog` parameters and property values to search for events. The cmdlet gets events that match the specified property values. -The cmdlets that contain the EventLog noun work only on classic event logs. To get events from logs -that use the Windows Event Log technology in Windows Vista and later Windows versions, use -`Get-WinEvent`. +PowerShell cmdlets that contain the `EventLog` noun work only on Windows classic event logs such as +Application, System, or Security. To get logs that use the Windows Event Log technology in Windows +Vista and later Windows versions, use `Get-WinEvent`. ## EXAMPLES 
@@ -148,16 +152,16 @@ Index Time EntryType Source InstanceID Message ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The -**InstanceID** parameter selects the events with the specified Instance ID. The **Source** -parameter specifies the event property. +**InstanceID** parameter selects the events with the specified Instance ID. The **Source** parameter +specifies the event property. ### Example 6: Get events from multiple computers This command gets the events from the System event log on three computers: Server01, Server02, and -the local computer known as localhost. +Server03. ```powershell -Get-EventLog -LogName System -ComputerName Server01, Server02, localhost +Get-EventLog -LogName System -ComputerName Server01, Server02, Server03 ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The @@ -166,8 +170,8 @@ to get the event logs. ### Example 7: Get all events that include a specific word in the message -This command gets all the events in the System event log that contain a specific word in the -event's message. It's possible that your specified **Message** parameter's value is included in the +This command gets all the events in the System event log that contain a specific word in the event's +message. It's possible that your specified **Message** parameter's value is included in the message's content but isn't displayed on the PowerShell console. ```powershell 
@@ -216,8 +220,8 @@ Container : The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System event log. The **Newest** parameter selects the most recent event object. The object is stored in the `$A` variable. The object in the `$A` variable is sent down the pipeline to the `Select-Object` cmdlet. -`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the -object's properties. +`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the object's +properties. ### Example 9: Get events from an event log using a source and event ID @@ -237,11 +241,11 @@ Outlook 63 1073741887 The Exchange web service request succeeded. ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the Application event log. The -**Source** parameter specifies the application name, Outlook. The objects are sent down the -pipeline to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet -uses the variable `$_.EventID` to compare the Event ID property to the specified value. The objects -are sent down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** -parameter to select the properties to display in the PowerShell console. +**Source** parameter specifies the application name, Outlook. The objects are sent down the pipeline +to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet uses the +variable `$_.EventID` to compare the Event ID property to the specified value. The objects are sent +down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** parameter to +select the properties to display in the PowerShell console. ### Example 10: Get events and group by a property 
@@ -258,9 +262,9 @@ Count Name 4 NT AUTHORITY\NETWORK SERVICE ``` -The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The -**UserName** parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. -The event objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the +The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The **UserName** +parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. The event +objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the **Property** parameter to specify that the **UserName** property is used to group the objects and count the number of objects for each user name. The **NoElement** parameter removes the group members from the output. The objects are sent down the pipeline to the `Select-Object` cmdlet. @@ -298,9 +302,9 @@ event type. The date and time range is set by the **After** parameter and `$Begi ### -After -Gets events that occurred after a specified date and time. The **After** parameter date and time -are excluded from the output. Enter a **DateTime** object, such as the value returned by the -`Get-Date` cmdlet. +Gets events that occurred after a specified date and time. The **After** parameter date and time are +excluded from the output. Enter a **DateTime** object, such as the value returned by the `Get-Date` +cmdlet. ```yaml Type: DateTime 
@@ -371,15 +375,16 @@ Accept wildcard characters: False ### -ComputerName -Specifies a remote computer. If a **ComputerName** is not specified, `Get-EventLog` uses the local -computer. +This parameter specifies a remote computer's NetBIOS name, Internet Protocol (IP) address, or a +fully qualified domain name (FQDN). -Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name (FQDN) -of a remote computer. To specify the local computer, type the computer name, a dot (`.`), or -localhost. +If the **ComputerName** parameter isn't specified, `Get-EventLog` uses the default, which is the +local computer. If you need to specify the local computer, the parameter accepts a dot (`.`), the +loopback IP **127.0.0.1**, or **localhost**. -This parameter does not rely on Windows PowerShell remoting. You can use the **ComputerName** -parameter of `Get-EventLog` even if your computer is not configured to run remote commands. +The **ComputerName** parameter doesn't rely on Windows PowerShell remoting. You can use +`Get-EventLog` with the **ComputerName** parameter even if your computer is not configured to run +remote commands. ```yaml Type: String[] @@ -420,8 +425,8 @@ Accept wildcard characters: False ### -Index -Specifies the index values to get from the event log. The parameter accepts a comma-separated -string of values. +Specifies the index values to get from the event log. The parameter accepts a comma-separated string +of values. ```yaml Type: int[] @@ -437,8 +442,8 @@ Accept wildcard characters: False ### -InstanceId -Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated -string of values. +Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated string +of values. ```yaml Type: long[] 
@@ -539,7 +544,7 @@ Accept wildcard characters: True ### -UserName Specifies, as a string array, user names that are associated with events. Enter names or name -patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted. +patterns, such as `User01`, `User*`, or `Domain01\User*`. Wildcards are permitted. ```yaml Type: String[] @@ -557,8 +562,7 @@ Accept wildcard characters: True This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, --WarningAction, and -WarningVariable. For more information, see -[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +-WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS diff --git a/reference/5.1/Microsoft.PowerShell.Management/Get-EventLog.md b/reference/5.1/Microsoft.PowerShell.Management/Get-EventLog.md index de9975891127..585c381767ee 100644 --- a/reference/5.1/Microsoft.PowerShell.Management/Get-EventLog.md +++ b/reference/5.1/Microsoft.PowerShell.Management/Get-EventLog.md @@ -3,7 +3,7 @@ external help file: Microsoft.PowerShell.Commands.Management.dll-Help.xml keywords: powershell,cmdlet locale: en-us Module Name: Microsoft.PowerShell.Management -ms.date: 1/18/2019 +ms.date: 3/26/2019 online version: http://go.microsoft.com/fwlink/?LinkId=821585 schema: 2.0.0 title: Get-EventLog 
@@ -20,27 +20,30 @@ computers. ### LogName (Default) ``` -Get-EventLog [-LogName] [[-InstanceId] ] [-ComputerName ] [-Newest -] [-After ] [-Before ] [-UserName ] [-Index ] [-EntryType -] [-Source ] [-Message ] [-AsBaseObject] [] +Get-EventLog [-LogName] [-ComputerName ] [-Newest ] [-After ] +[-Before ] [-UserName ] [[-InstanceId] ] [-Index ] +[-EntryType ] [-Source ] [-Message ] [-AsBaseObject] +[] ``` ### List ``` -Get-EventLog [-ComputerName ] [-List] [-AsString] [] +Get-EventLog [-ComputerName ] [-List] [-AsString] [] ``` ## DESCRIPTION -The `Get-EventLog` cmdlet gets events and event logs on the local and remote computers. +The `Get-EventLog` cmdlet gets events and event logs from local and remote computers. By default, +`Get-EventLog` gets logs from the local computer. To get logs from remote computers, use the +**ComputerName** parameter. -You can use the cmdlet's parameters and property values to search for events. This cmdlet gets +You can use the `Get-EventLog` parameters and property values to search for events. The cmdlet gets events that match the specified property values. -The cmdlets that contain the EventLog noun work only on classic event logs. To get events from logs -that use the Windows Event Log technology in Windows Vista and later Windows versions, use -`Get-WinEvent`. +PowerShell cmdlets that contain the `EventLog` noun work only on Windows classic event logs such as +Application, System, or Security. To get logs that use the Windows Event Log technology in Windows +Vista and later Windows versions, use `Get-WinEvent`. ## EXAMPLES 
@@ -150,16 +153,16 @@ Index Time EntryType Source InstanceID Message ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The -**InstanceID** parameter selects the events with the specified Instance ID. The **Source** -parameter specifies the event property. +**InstanceID** parameter selects the events with the specified Instance ID. The **Source** parameter +specifies the event property. ### Example 6: Get events from multiple computers This command gets the events from the System event log on three computers: Server01, Server02, and -the local computer known as localhost. +Server03. ```powershell -Get-EventLog -LogName System -ComputerName Server01, Server02, localhost +Get-EventLog -LogName System -ComputerName Server01, Server02, Server03 ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The @@ -168,8 +171,8 @@ to get the event logs. ### Example 7: Get all events that include a specific word in the message -This command gets all the events in the System event log that contain a specific word in the -event's message. It's possible that your specified **Message** parameter's value is included in the +This command gets all the events in the System event log that contain a specific word in the event's +message. It's possible that your specified **Message** parameter's value is included in the message's content but isn't displayed on the PowerShell console. ```powershell 
@@ -218,8 +221,8 @@ Container : The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System event log. The **Newest** parameter selects the most recent event object. The object is stored in the `$A` variable. The object in the `$A` variable is sent down the pipeline to the `Select-Object` cmdlet. -`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the -object's properties. +`Select-Object` uses the **Property** parameter with an asterisk (`*`) to select all of the object's +properties. ### Example 9: Get events from an event log using a source and event ID @@ -239,11 +242,11 @@ Outlook 63 1073741887 The Exchange web service request succeeded. ``` The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the Application event log. The -**Source** parameter specifies the application name, Outlook. The objects are sent down the -pipeline to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet -uses the variable `$_.EventID` to compare the Event ID property to the specified value. The objects -are sent down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** -parameter to select the properties to display in the PowerShell console. +**Source** parameter specifies the application name, Outlook. The objects are sent down the pipeline +to the `Where-Object` cmdlet. For each object in the pipeline, the `Where-Object` cmdlet uses the +variable `$_.EventID` to compare the Event ID property to the specified value. The objects are sent +down the pipeline to the `Select-Object` cmdlet. `Select-Object` uses the **Property** parameter to +select the properties to display in the PowerShell console. ### Example 10: Get events and group by a property 
@@ -260,9 +263,9 @@ Count Name 4 NT AUTHORITY\NETWORK SERVICE ``` -The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The -**UserName** parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. -The event objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the +The `Get-EventLog` cmdlet uses the **LogName** parameter to specify the System log. The **UserName** +parameter includes the asterisk (`*`) wildcard to specify a portion of the user name. The event +objects are sent down the pipeline to the `Group-Object` cmdlet. `Group-Object` uses the **Property** parameter to specify that the **UserName** property is used to group the objects and count the number of objects for each user name. The **NoElement** parameter removes the group members from the output. The objects are sent down the pipeline to the `Select-Object` cmdlet. @@ -300,9 +303,9 @@ event type. The date and time range is set by the **After** parameter and `$Begi ### -After -Gets events that occurred after a specified date and time. The **After** parameter date and time -are excluded from the output. Enter a **DateTime** object, such as the value returned by the -`Get-Date` cmdlet. +Gets events that occurred after a specified date and time. The **After** parameter date and time are +excluded from the output. Enter a **DateTime** object, such as the value returned by the `Get-Date` +cmdlet. ```yaml Type: DateTime 
@@ -373,15 +376,15 @@ Accept wildcard characters: False ### -ComputerName -Specifies a remote computer. If a **ComputerName** is not specified, `Get-EventLog` uses the local -computer. +This parameter specifies a remote computer's NetBIOS name, Internet Protocol (IP) address, or a +fully qualified domain name (FQDN). -Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name (FQDN) -of a remote computer. To specify the local computer, type the computer name, a dot (`.`), or -localhost. +If the **ComputerName** parameter isn't specified, `Get-EventLog` defaults to the local +computer. The parameter also accepts a dot (`.`) to specify the local computer. -This parameter does not rely on Windows PowerShell remoting. You can use the **ComputerName** -parameter of `Get-EventLog` even if your computer is not configured to run remote commands. +The **ComputerName** parameter doesn't rely on Windows PowerShell remoting. You can use +`Get-EventLog` with the **ComputerName** parameter even if your computer is not configured to run +remote commands. ```yaml Type: String[] @@ -422,8 +425,8 @@ Accept wildcard characters: False ### -Index -Specifies the index values to get from the event log. The parameter accepts a comma-separated -string of values. +Specifies the index values to get from the event log. The parameter accepts a comma-separated string +of values. ```yaml Type: int[] @@ -439,8 +442,8 @@ Accept wildcard characters: False ### -InstanceId -Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated -string of values. +Specifies the Instance IDs to get from the event log. The parameter accepts a comma-separated string +of values. ```yaml Type: long[] 
@@ -541,7 +544,7 @@ Accept wildcard characters: True ### -UserName Specifies, as a string array, user names that are associated with events. Enter names or name -patterns, such as User01, User*, or Domain01\User*. Wildcards are permitted. +patterns, such as `User01`, `User*`, or `Domain01\User*`. Wildcards are permitted. ```yaml Type: String[] @@ -559,8 +562,7 @@ Accept wildcard characters: True This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, --WarningAction, and -WarningVariable. For more information, see -[about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). +-WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS
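Review bot: In the @@ -20,27 +20,30 @@ hunk, the rewrapped LogName syntax block also moves `[[-InstanceId] ]` from directly after `[-LogName]` to after `[-UserName ]`, which is more than a reflow. The double brackets mark InstanceId as positional, so it reads best next to `[-LogName]`, where the removed line had it and where the 3.0 copy earlier in this patch still has it. Please confirm the reorder is intended or restore the original order so the versions agree. In the same hunk, "To get logs that use the Windows Event Log technology" drops the "events from" of the removed line; "To get events from logs that use ..." matches what `Get-WinEvent` returns.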
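Review bot: Example 6 in the @@ -150,16 +153,16 @@ hunk now queries three remote servers, but the text does not say which account those reads run under, and the syntax block in this patch lists no credential parameter. Suggest adding a sentence that the command runs as the current user and that this account needs permission to read the System log on Server01, Server02, and Server03. While the paragraph above it is being rewrapped, "The **Source** parameter specifies the event property" could also name the property it means.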
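Review bot: The rewritten **ComputerName** description in the @@ -373,15 +376,15 @@ hunk drops two of the local-computer values the removed text documented, the computer name and `localhost`, and keeps only the dot (`.`). If those values are still accepted, list them again so the parameter reference does not lose information. The last paragraph states that the parameter "doesn't rely on Windows PowerShell remoting" but not what it does need; a sentence on the network access and permissions required on the remote computer would help readers who plan firewall rules and log-reader accounts. Minor: "is not configured" is left uncontracted beside the new "isn't" and "doesn't", and the added line ending "defaults to the local" wraps well short of the width used elsewhere in the patch.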
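Review bot: The joined line in the @@ -559,8 +562,7 @@ hunk, "-WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216).", runs well past the roughly 100-column wrap that the other hunks in this patch reflow to. The removed version already kept the link unbroken on its own line, so the join gains nothing; suggest leaving these two lines as they were.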