2

I have been looking all over the place to figure out what this "Level" means when running Get-WinEvent.

For example,

Get-WinEvent -FilterHashtable @{logname='application'; level=2; starttime=$time; id=20}

What does level=2 represent here? The reason I am asking is that I am trying to validate the severity of each log, and I want to know whether level=2 represents anything related to severity.

Bhargav Rao
kyj

2 Answers

6

Let's try and find out:

#Get sample object
$t = Get-WinEvent -MaxEvents 1 -FilterHashtable @{ Logname='application'; level=2 }

#Explore properties and type
$t.GetType().Fullname
System.Diagnostics.Eventing.Reader.EventLogRecord

A quick MSDN search for EventLogRecord points us to the EventLogRecord.Level property:

Gets the level of the event. The level signifies the severity of the event. For the name of the level, get the value of the LevelDisplayName property.

#Check out Level vs LevelDisplayName
$t | Format-Table -Property Level, LevelDisplayName -AutoSize

Level LevelDisplayName
----- ----------------
    2 Error 

A quick search in my log to list some level-values:

Get-WinEvent @{ logname='application' } | Select-Object Level, LevelDisplayName -Unique | Sort-Object Level

Level LevelDisplayName
----- ----------------
    0 Information     
    2 Error           
    3 Warning         
    4 Information     

It also says on the Level property page that it uses the StandardEventLevel enum, so let's list its values:

[enum]::GetValues([System.Diagnostics.Eventing.Reader.StandardEventLevel]) | Select-Object {$_}, {$_.value__ }

           $_ $_.value__ 
           -- -----------
    LogAlways           0
     Critical           1
        Error           2
      Warning           3
Informational           4
      Verbose           5
Frode F.
  • Thank you. I am new to PowerShell. Just looking for specific information is hard, and I really appreciate your time. – kyj Feb 16 '16 at 21:13
  • Even better reason for me to describe the full journey to the answer then. :-) You learn by trying, failing and asking questions like you're doing now. Welcome to StackOverflow! – Frode F. Feb 16 '16 at 21:15
  • If you consider this the correct answer, please use the checkmark to the left of the answer so we can mark the question as solved. :-) – Frode F. Feb 16 '16 at 21:44
0

See this link for more info. MSDN

Effectively you're looking for a winmeta.xml file, but it'll have these for the base values:

  • LogAlways: 0,
  • Critical: 1,
  • Error: 2,
  • Warning: 3,
  • Information: 4,
  • Verbose: 5,
  • rest below 16 are reserved
mcr
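
Building on the level values listed in both answers, the following is an added example (not code from either answer) that filters a log by severity name instead of by raw number. It goes slightly beyond the question by handling the case visible in the first answer's output, where Level 0 and Level 4 both display as "Information". The function name `Get-EventBySeverity` and its parameters are hypothetical.

```powershell
# Added example, not from the original answers; names are hypothetical.
function Get-EventBySeverity {
    [CmdletBinding()]
    param(
        [string]$LogName = 'Application',
        [ValidateSet('Critical', 'Error', 'Warning', 'Information', 'Verbose')]
        [string[]]$Severity = @('Critical', 'Error', 'Warning'),
        [datetime]$StartTime = (Get-Date).AddHours(-24)
    )

    # Severity name -> numeric Level values from the StandardEventLevel enum.
    # 'Information' covers 0 (LogAlways) and 4 (Informational): both appear as
    # "Information" in LevelDisplayName, but filtering on Level=4 alone would
    # silently skip the Level 0 events.
    $levelMap = @{
        Critical    = @(1)
        Error       = @(2)
        Warning     = @(3)
        Information = @(0, 4)
        Verbose     = @(5)
    }
    $levels = @($Severity | ForEach-Object { $levelMap[$_] } | Sort-Object -Unique)

    # The Level key of -FilterHashtable accepts an array of values.
    $filter = @{ LogName = $LogName; Level = $levels; StartTime = $StartTime }

    # Get-WinEvent writes an error when nothing matches; SilentlyContinue turns
    # that into an empty result (it also hides other errors such as access denied).
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName, Level,
            @{ Name = 'LevelName'; Expression = {
                [System.Diagnostics.Eventing.Reader.StandardEventLevel]$_.Level } },
            LevelDisplayName
}

# Count the last 24 hours of Application events per severity level.
Get-EventBySeverity -Severity Critical, Error, Warning, Information |
    Group-Object -Property Level, LevelName |
    Sort-Object -Property Count -Descending |
    Format-Table -Property Count, Name -AutoSize
```

Comparing the `LevelName` column (from the enum) with `LevelDisplayName` (from the event provider) shows where the two disagree, which matters when severity is being validated from the number alone.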