I have made a PowerShell script, shown below, but I won't be able to save its output in .evtx format. I want the wevtutil equivalent (using wevtutil epl) for the same. Please help!
# Time of the most recent Application Error (event ID 1000)
$ErrorTime = Get-WinEvent -FilterHashtable @{
    Logname = 'Application'
    ID = 1000
    ProviderName = 'Application Error'
} -MaxEvents 1 | Select-Object -ExpandProperty TimeCreated
# Two-hour window on either side of that error
$Start_Time = ($ErrorTime).AddHours(-2)
$End_Time = ($ErrorTime).AddHours(2)
# All events from the four logs inside that window
Get-WinEvent -FilterHashtable @{
    Logname = 'Application','System','Security','Setup'
    StartTime = $Start_Time
    EndTime = $End_Time
}
Just to explain what the script is doing: it gets the timestamp of the last Application Error 1000 that occurred, adds and subtracts two hours from that timestamp, and then queries Application, System, Security and Setup between those times.
I need something like this:
wevtutil epl Application where time >= $Start_Time and time <= $End_Time
Please help.
Best Answer
You can use XPath to make specific event queries with many event tools (Event MMC, PowerShell, and Wevtutil). I'm comfortable with XML structures in other cases (SCOM management packs, HTML, etc.), but I find XPath a little harder to get just right. A few points to remember are that:
Sample
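The XPath approach described in the answer, applied to the question's time window and passed to wevtutil epl so each log is saved as .evtx. This is an added example, not part of the original answer; the output folder C:\Temp\EventExport is a hypothetical path, and the script assumes an elevated session so the Security log can be read.

```powershell
# Added example: export a +/- 2 hour window around the latest
# Application Error 1000 from four logs to .evtx with wevtutil epl.

$OutDir = 'C:\Temp\EventExport'   # hypothetical output folder, change as needed
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Timestamp of the most recent Application Error (event ID 1000).
# -ErrorAction Stop aborts the script if no such event exists.
$ErrorTime = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ID           = 1000
    ProviderName = 'Application Error'
} -MaxEvents 1 -ErrorAction Stop | Select-Object -ExpandProperty TimeCreated

# The XPath filter compares against @SystemTime, which is recorded in UTC.
# TimeCreated is local time, so convert it and format it as ISO 8601 with Z.
$Fmt   = "yyyy-MM-dd'T'HH:mm:ss.fff'Z'"
$Inv   = [cultureinfo]::InvariantCulture
$Start = $ErrorTime.AddHours(-2).ToUniversalTime().ToString($Fmt, $Inv)
$End   = $ErrorTime.AddHours(2).ToUniversalTime().ToString($Fmt, $Inv)

# Same window as StartTime/EndTime in the Get-WinEvent version
$Query = "*[System[TimeCreated[@SystemTime>='$Start' and @SystemTime<='$End']]]"

foreach ($Log in 'Application', 'System', 'Security', 'Setup') {
    $File = Join-Path $OutDir "$Log.evtx"

    # /q: carries the XPath filter; /ow:true overwrites an earlier export
    & wevtutil.exe epl $Log $File "/q:$Query" /ow:true

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of '$Log' failed (wevtutil exit code $LASTEXITCODE)"
    }
}
```

Each resulting .evtx file opens in Event Viewer or can be read back with Get-WinEvent -Path.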