Question

Can anyone help me convert the command below into a WMI query or Get-WmiObject -Filter, as it takes more time for remote servers?

Get-EventLog -ComputerName $Comp -LogName System -After (Get-Date).AddDays(-3) -ErrorAction Stop |
         ? { $_.EntryType -eq "Critical" -or $_.EntryType -eq "Warning" -or $_.EntryType -eq "Error"}

Thanks for your time.

Solution

Try doing the filtering on the remote host instead of retrieving events of all types first and filtering them afterwards:

Get-EventLog -Computer $Comp -LogName System -EntryType Error,Warning `
  -After (Get-Date).AddDays(-3) -ErrorAction Stop

There isn't an event type "Critical", BTW.

If you must use WMI, something like this should work:

$age    = (Get-Date).AddDays(-3).ToUniversalTime()
$ts     = [System.Management.ManagementDateTimeconverter]::ToDmtfDateTime($age)
$filter = "LogFile='System' AND TimeGenerated>='$ts' AND EventType<=2"

gwmi Win32_NTLogEvent -Filter $filter -Computer $Comp -EnableAllPrivileges
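
As an added example (not part of the original answer): Get-EventLog has no Critical entry type, but the newer Get-WinEvent cmdlet filters on a numeric Level where 1 is Critical, and its -FilterHashtable is likewise evaluated on the remote host. The function name and the server names SRV01 and SRV02 are hypothetical.

```powershell
# Added example: remote-side filtering with Get-WinEvent.
# Get-RecentSystemProblem and the server names below are hypothetical.
function Get-RecentSystemProblem {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$Days = 3
    )

    # The hashtable is translated into a query that the event log service
    # on the target host evaluates, so only matching records are returned.
    $filter = @{
        LogName   = 'System'
        Level     = 1, 2, 3                    # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = (Get-Date).AddDays(-$Days)
    }

    foreach ($computer in $ComputerName) {
        try {
            Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop |
                Select-Object MachineName, TimeCreated, Id, LevelDisplayName, ProviderName, Message
        }
        catch {
            # Get-WinEvent raises an error when no record matches; treat that as an empty result.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
            # Anything else (host unreachable, access denied) is reported per host
            # so one failing server does not abort the whole sweep.
            Write-Warning "$computer : $($_.Exception.Message)"
        }
    }
}

# Hypothetical host names; replace with real servers.
Get-RecentSystemProblem -ComputerName 'SRV01', 'SRV02' |
    Sort-Object TimeCreated -Descending
```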
Licensed under: CC-BY-SA with attribution