Sometimes you have the event ID for a system event when what you really need is the instance ID. For example, Get-EventLog supports only instance IDs, not event IDs. Here is a function that translates event IDs into instance IDs:

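function ConvertTo-InstanceID([int]$eventID) {
  # [int] keeps arbitrary text out of the WQL filter below
  try {
    # Find logged events with this event ID and emit the instance ID
    # (EventIdentifier) of the first match; throw then aborts the
    # pipeline so the rest of the log is not scanned.
    Get-WmiObject Win32_NTLogEvent -Filter "EventCode=$eventID" |
    ForEach-Object { $_.EventIdentifier; throw "Done" }
  } catch {}  # swallow the deliberate "Done" exception
}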
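
Why the two numbers differ, as an added example that is not part of the original tip: the instance ID is the full 32-bit event identifier (severity, customer flag, facility, code), and the event ID that WMI reports as EventCode is its low 16 bits. Split-InstanceID is a hypothetical helper name, and the sample values are constructed from that bit layout rather than read from a real log.

```powershell
# Added example: decode a 32-bit instance ID into its bit fields.
# Layout: bits 31-30 severity, bit 29 customer flag, bit 28 reserved,
#         bits 27-16 facility, bits 15-0 event code (the "event ID").
function Split-InstanceID([long]$InstanceID) {   # hypothetical helper name
  $names    = 'Success', 'Informational', 'Warning', 'Error'
  # Division instead of a 0xC0000000 mask, which would parse as a negative Int32
  $severity = [int][math]::Floor($InstanceID / 0x40000000) -band 3

  New-Object PSObject -Property @{
    InstanceID = $InstanceID
    Severity   = $names[$severity]
    Customer   = [bool]($InstanceID -band 0x20000000)
    Facility   = [int](($InstanceID -band 0x0FFF0000) / 0x10000)
    EventID    = [int]($InstanceID -band 0xFFFF)
  }
}

# Constructed sample values (not taken from a real log):
#   1073748860 = 0x40001B7C -> severity 1 (Informational), event ID 7036
#   3221232496 = 0xC0001B70 -> severity 3 (Error),         event ID 7024
1073748860, 3221232496 |
  ForEach-Object { Split-InstanceID $_ } |
  Format-Table InstanceID, Severity, Customer, Facility, EventID -AutoSize

# Because the upper bits depend on the event source, one event ID can map to
# more than one instance ID; ConvertTo-InstanceID returns the first it finds.
# Typical use of the result on a Windows system:
#   Get-EventLog -LogName System -InstanceId (ConvertTo-InstanceID 7036) -Newest 5
```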

 
