Question

I am writing a PowerShell Script that counts the number of 4624 EventIDs in a given day, but I am getting lost when I go to group the information by date. Is there anyone who could help me out? My output should have the date and the number of Logins for that day and nothing more.

Here is my Code:

Get-EventLog "Security" -Before ([DateTime]::Now) |
    Where -FilterScript {$_.EventID -eq 4624}
Was it helpful?

Solution

Try this:

Get-EventLog Security -Before ([DateTime]::Now) | 
    Where {$_.EventID -eq 4624} | 
    Group @{e={$_.TimeGenerated.Date}} | 
    Sort Count -desc

The Group-Object command allows you to specify an expression for the property to group on. In this case you want to group on the date part of the DateTime. Also note that it is unnecessary to quote arguments unless they contain space or special characters like ;, @, {, $ and (.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top