
I am using the below PowerShell function to parse event logs that have been saved locally from a remote machine. Unfortunately, I cannot for the life of me figure out how to dump out to another format instead of just to the console window.

When I insert an INTO statement into my SQL query I get the following error:

Exception calling "Execute" with "2" argument(s): "Cannot specify an INTO-entity when calling Execute() [The parameter is incorrect.]"

Any help is greatly appreciated.

    Function Parse-Event-Logs
    {
        $logtypes = "Application","System","Security"
        foreach ($logtype in $logtypes)
        {
            # $LogsArchive and $folder are set elsewhere in the script
            $log_file = $LogsArchive + "\" + $folder + "\" + $logtype + ".evt"
            $log_parser = New-Object -ComObject MSUtil.LogQuery
            $log_type = New-Object -ComObject MSUtil.LogQuery.EventLogInputFormat
            $log_type.resolveSIDs = $true
            $log_type.fullText = $true
            $output_type = New-Object -ComObject MSUtil.LogQuery.NativeOutputFormat
            $log_query = "SELECT * FROM $log_file WHERE EventTypeName = 'Error event' OR EventTypeName = 'Warning event'"

            Try
            {
                # Execute() returns a record set; it takes no output format
                $log_recs = $log_parser.Execute($log_query, $log_type)
                do
                {
                    $lp_return = @{}
                    $log_entry = $log_recs.getRecord()

                    # new-hashobject is a helper defined elsewhere in the script
                    $lp_return | new-hashobject

                    # advance to the next record so the loop can reach atEnd()
                    $log_recs.moveNext()
                } while ($log_recs.atEnd() -eq $false)
            }
            Catch { Write-Host "Event log is empty" }
        }
    }


OK, converting the comment to an answer. :-)

Use the ExecuteBatch method instead of the Execute method. ExecuteBatch allows for passing in input and output types.
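
The ExecuteBatch approach from the answer, as an added example that is not part of the original question or answer: it writes the Error/Warning events of each saved log to a CSV file through an INTO clause and a CSVOutputFormat object. The function name, its parameters and the sample paths are assumptions; source and target paths are single-quoted inside the query and checked first, because they are spliced into the query text.

```powershell
# Added example (not the poster's code): export Error/Warning events from
# saved .evt files to CSV using MSUtil.LogQuery.ExecuteBatch.
function Export-EventLogErrors {
    param(
        [Parameter(Mandatory)] [string] $ArchiveRoot,   # folder holding the saved .evt files (assumed layout)
        [Parameter(Mandatory)] [string] $OutDir,        # folder that receives the CSV files
        [string[]] $LogTypes = @('Application', 'System', 'Security')
    )

    if (-not (Test-Path -LiteralPath $OutDir)) {
        New-Item -ItemType Directory -Path $OutDir | Out-Null
    }

    foreach ($logType in $LogTypes) {
        $evt = Join-Path $ArchiveRoot "$logType.evt"
        $csv = Join-Path $OutDir "$logType-errors.csv"

        if (-not (Test-Path -LiteralPath $evt)) {
            Write-Warning "Skipping missing log: $evt"
            continue
        }
        # A single quote in either path would end the quoted literal early.
        if ($evt.Contains("'") -or $csv.Contains("'")) {
            Write-Warning "Skipping path containing a single quote: $evt"
            continue
        }

        $parser    = New-Object -ComObject MSUtil.LogQuery
        $inFormat  = New-Object -ComObject MSUtil.LogQuery.EventLogInputFormat
        $inFormat.resolveSIDs = $true
        $inFormat.fullText    = $true
        $outFormat = New-Object -ComObject MSUtil.LogQuery.CSVOutputFormat

        # INTO is accepted here because ExecuteBatch receives an output format.
        $query = "SELECT * INTO '$csv' FROM '$evt' " +
                 "WHERE EventTypeName = 'Error event' OR EventTypeName = 'Warning event'"

        # ExecuteBatch returns $true when the query ran with errors.
        $hadErrors = $parser.ExecuteBatch($query, $inFormat, $outFormat)
        [pscustomobject]@{ Log = $logType; Output = $csv; HadErrors = $hadErrors }
    }
}

# Constructed sample paths
Export-EventLogErrors -ArchiveRoot 'C:\LogsArchive\SERVER01' -OutDir 'C:\LogsArchive\SERVER01\csv'
```

Log Parser 2.2 registers a 32-bit COM component, so on 64-bit Windows this has to run in the 32-bit (x86) PowerShell host.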

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow