Browsing All Event Logs

by Sep 12, 2018

Get-EventLog always requires you to specify exactly one event log via -LogName. You cannot use wildcards, and you cannot browse all event logs at once.

However, here is a trick:

PS> Get-EventLog -LogName *

  Max(K) Retain OverflowAction        Entries Log                                                         
  ------ ------ --------------        ------- ---                                                         
  20.480      0 OverwriteAsNeeded      13.283 Application
     512      7 OverwriteOlder             98 Dell       
  20.480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer                                           
     512      7 OverwriteOlder             46 isaAgentLog                                                 
  20.480      0 OverwriteAsNeeded           0 Key Management Service                                      
     128      0 OverwriteAsNeeded          97 OAlerts                                                     
  10.240      0 OverwriteAsNeeded           0 PowerShellPrivateLog                                        
     512      7 OverwriteOlder              0 PreEmptive                                                  
                                              Security                                                    
  20.480      0 OverwriteAsNeeded       5.237 System                                                      
  16.384      0 OverwriteAsNeeded          20 TechSmith                                                   
  15.360      0 OverwriteAsNeeded      10.279 Windows PowerShell

So -LogName does accept wildcards after all. However, instead of event log entries you now get a summary view with one line per log. You can still get to the underlying event log entries like this:

PS> Get-EventLog -LogName * | Select-Object -ExpandProperty Entries -ErrorAction SilentlyContinue

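This dumps all event log entries from all logs. Logs that the current session cannot read (such as Security in a non-elevated session) are skipped without a message, because -ErrorAction SilentlyContinue suppresses the error. From here, you can add custom filters. To see all event log errors that occurred within the past 48 hours, try this: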

# take events not older than 48 hours
$deadline = (Get-Date).AddHours(-48)

Get-EventLog -LogName * | 
  ForEach-Object {
    # get the entries, and quiet errors
    try { $_.Entries } catch {}
  } |
  Where-Object { 
    # take only errors
    $_.EntryType -eq 'Error'
  } |
  Where-Object {
    # take only entries younger than the deadline
    $_.TimeGenerated -gt $deadline
  }
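
An added example, not part of the original tip: the same 48-hour error filter, but each result keeps the name of the log it came from (the entry objects themselves do not carry it), and logs that could not be read are reported instead of silently skipped. It assumes Windows PowerShell 5.1, where Get-EventLog is available; the variable names are illustrative.

```powershell
# take events not older than 48 hours
$deadline   = (Get-Date).AddHours(-48)
# names of logs that could not be read (illustrative variable)
$unreadable = New-Object System.Collections.Generic.List[string]

$errors = foreach ($log in Get-EventLog -LogName *) {
    try {
        # enumerating Entries throws for logs this session may not read
        foreach ($entry in $log.Entries) {
            if ($entry.EntryType -eq 'Error' -and $entry.TimeGenerated -gt $deadline) {
                # emit a flat record that remembers the originating log
                [PSCustomObject]@{
                    Log           = $log.Log
                    TimeGenerated = $entry.TimeGenerated
                    Source        = $entry.Source
                    InstanceId    = $entry.InstanceId
                    Message       = $entry.Message
                }
            }
        }
    }
    catch {
        # record the log name instead of discarding the failure
        $unreadable.Add($log.Log)
    }
}

if ($errors) {
    # which log and source produced the most errors
    $errors |
      Group-Object -Property Log, Source |
      Sort-Object -Property Count -Descending |
      Select-Object -Property Count, Name -First 10
}

if ($unreadable.Count -gt 0) {
    # make the coverage gap visible to whoever reads the result
    Write-Warning ("Could not read: " + ($unreadable -join ', '))
}
```

A warning that names Security means the result does not cover that log; run the session elevated if it has to be included.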
