In the previous tip we encouraged you to deprecate the Get-EventLog cmdlet and instead start using Get-WinEvent – because the latter is more powerful, and because the former is no longer supported in PowerShell 7.
Let’s practice once more how to translate a Get-EventLog statement to Get-WinEvent. Here is the old one-liner that I’d like to translate. It returns all errors and warnings from the System event log that occurred in the past 48 hours:
```powershell
$twoDaysAgo = (Get-Date).AddDays(-2)
Get-EventLog -LogName System -EntryType Error, Warning -After $twoDaysAgo
```
And this would be the line using Get-WinEvent that works in all PowerShell versions:
```powershell
$twoDaysAgo = (Get-Date).AddDays(-2)
Get-WinEvent -FilterHashtable @{
    LogName   = 'System'
    Level     = 2,3          # 2 = Error, 3 = Warning
    StartTime = $twoDaysAgo
}
```
It returns the same events, yet it is much faster. Here are all the keys that you can use in the hash table:
Key name | Data Type | Wildcards Allowed |
--- | --- | --- |
LogName | <String[]> | Yes |
ProviderName | <String[]> | Yes |
Path | <String[]> | No |
Keywords | <Long[]> | No |
ID | <Int32[]> | No |
Level | <Int32[]> | No |
StartTime | <DateTime> | No |
EndTime | <DateTime> | No |
UserID | <SID> | No |
Data | <String[]> | No |
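
The following wrapper is an added example, not part of the original tip: it translates Get-EventLog-style arguments into a -FilterHashtable query using several keys from the table, and handles the two cases that usually trip up a translation (keys with `$null` values and an empty result). The function name `Get-TranslatedEvent` and its parameter names are hypothetical; the audit keyword values are the standard Windows audit failure and audit success keywords.

```powershell
function Get-TranslatedEvent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$LogName,
        [ValidateSet('Error', 'Warning', 'Information', 'SuccessAudit', 'FailureAudit')]
        [string[]]$EntryType,
        [int[]]$Id,
        [string[]]$ProviderName,
        [datetime]$After,
        [datetime]$Before
    )

    # Get-EventLog entry types map to two different keys:
    # Error/Warning/Information are levels, the audit types are keywords.
    $levelMap   = @{ Error = 2; Warning = 3; Information = 4 }
    $keywordMap = @{ FailureAudit = 0x10000000000000; SuccessAudit = 0x20000000000000 }

    # Keys shared by every filter. A key with a $null value makes
    # Get-WinEvent fail, so only add what the caller supplied.
    $base = @{ LogName = $LogName }
    if ($Id)           { $base.ID = $Id }
    if ($ProviderName) { $base.ProviderName = $ProviderName }
    if ($PSBoundParameters.ContainsKey('After'))  { $base.StartTime = $After }
    if ($PSBoundParameters.ContainsKey('Before')) { $base.EndTime = $Before }

    $levels = @(); [long]$mask = 0
    foreach ($type in $EntryType) {
        if ($levelMap.ContainsKey($type)) { $levels += $levelMap[$type] }
        else { $mask = $mask -bor $keywordMap[$type] }
    }

    # Keys inside one hash table are ANDed; separate hash tables are ORed.
    $filters = @()
    if ($levels.Count) { $filters += $base + @{ Level = $levels } }
    if ($mask)         { $filters += $base + @{ Keywords = $mask } }
    if (-not $filters) { $filters = @($base) }

    try {
        Get-WinEvent -FilterHashtable $filters -ErrorAction Stop
    }
    catch {
        # An empty result is reported as an error; swallow only that case.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }
}

# Same query as the one-liner above
$twoDaysAgo = (Get-Date).AddDays(-2)
Get-TranslatedEvent -LogName System -EntryType Error, Warning -After $twoDaysAgo
```

Reading the Security log (for example with `-EntryType FailureAudit`) requires an elevated session; an access-denied error is deliberately rethrown rather than hidden.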