Get-EventLogSummary
Windows: Retrieves a summary of recent errors and warnings from event logs
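#Requires -Version 5.1
<#
.SYNOPSIS
    Retrieves recent Critical, Error and Warning events from a Windows event log.
.DESCRIPTION
    Builds an XPath filter for event levels 1, 2 and 3 created within the last
    -Hours hours and passes it to Get-WinEvent. Each matching event is emitted
    as a PSCustomObject with TimeCreated, Id, Level, Source, Message and
    ComputerName properties.

    Query failures (access denied, unreachable host, bad credentials) are
    re-thrown. Only the "no matching events" condition is treated as an empty
    result, so a failed query is never reported as a clean log.
.PARAMETER LogName
    Specifies the name of the log to query (e.g., "System", "Application").
.PARAMETER MaxEvents
    Specifies the maximum number of events to retrieve per log.
.PARAMETER Hours
    Specifies the time window to look back for events. Defaults to 24 hours.
.PARAMETER ComputerName
    Specifies the name of the target computer. Defaults to the local computer.
.PARAMETER Credential
    Specifies a PSCredential object for remote connection. It is only passed
    to Get-WinEvent when -ComputerName differs from the local computer name.
#>
[CmdletBinding()]
Param
(
    [Parameter(Mandatory = $true)]
    [ValidateSet('System', 'Application', 'Security')]
    [string]$LogName,
    [int]$MaxEvents = 50,
    [int]$Hours = 24,
    [string]$ComputerName = $env:COMPUTERNAME,
    [pscredential]$Credential
)
Process
{
    try
    {
        # The filter compares against UTC, so the local start time is converted
        # and suffixed with 'Z'. $Hours is typed [int] and $LogName is limited by
        # ValidateSet, so no free-form caller text reaches the XPath expression.
        $startTime = (Get-Date).AddHours(-$Hours)
        $query = "*[System[(Level=1 or Level=2 or Level=3) and TimeCreated[@SystemTime >= '$($startTime.ToUniversalTime().ToString("s"))Z']]]"

        $eventParams = @{
            'LogName'     = $LogName
            'FilterXPath' = $query
            'MaxEvents'   = $MaxEvents
            'ErrorAction' = 'Stop'
        }

        if ($ComputerName -ne $env:COMPUTERNAME)
        {
            $eventParams.Add('ComputerName', $ComputerName)
            if ($null -ne $Credential)
            {
                $eventParams.Add('Credential', $Credential)
            }
        }

        # ErrorAction is supplied once, through the splat. Passing it again on
        # the command line is a parameter-binding error on Windows PowerShell 5.1,
        # and on PowerShell 7.1+ the explicit value overrides the splat, so
        # SilentlyContinue would turn an access-denied or connection failure
        # into "no events found".
        $matchedEvents = $null
        try
        {
            $matchedEvents = Get-WinEvent @eventParams
        }
        catch
        {
            # Get-WinEvent raises an error when nothing matches the filter;
            # that is an empty result, not a failure. Anything else propagates.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*')
            {
                throw
            }
        }

        if ($null -ne $matchedEvents)
        {
            $results = foreach ($e in $matchedEvents)
            {
                # Message is $null when the provider's message text cannot be
                # resolved; guard so one such event does not abort the summary.
                $message = if ($null -ne $e.Message) { $e.Message.Trim() } else { $null }

                [PSCustomObject]@{
                    TimeCreated  = $e.TimeCreated
                    Id           = $e.Id
                    Level        = $e.LevelDisplayName
                    Source       = $e.ProviderName
                    Message      = $message
                    ComputerName = $ComputerName
                }
            }
            Write-Output $results
        }
        else
        {
            Write-Verbose "No critical events found in '$LogName' for the last $Hours hours."
        }
    }
    catch
    {
        throw
    }
}

Specifies the name of the log to query (e.g., "System", "Application").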
Specifies the maximum number of events to retrieve per log.
Specifies the time window to look back for events. Defaults to 24 hours.
Specifies the name of the target computer. Defaults to the local computer.
Specifies a PSCredential object for remote connection.