Function execution error: Value cannot be null

Question

I have created a PowerShell script that is triggered via Task Scheduler when a windows event occur.

The script is expected to receive eventID, eventRecordId and channel and gets event detail from Get-WinEvent and display the detail via a pop up.

Param(  $eventID, $eventRecordId, $channel)

#$ErrorActionPreference="SilentlyContinue"
Stop-Transcript | out-null
$ErrorActionPreference = "Continue"
Start-Transcript -path C:\temp\output.txt -append

function PopUPEventInfo ( $eventID, $eventRecordId, $channel)
{

Add-Content -Value $eventID -Path C:\users\CFNLocalAdmin\data.txt 
Add-Content -Value $eventRecordId -Path C:\users\CFNLocalAdmin\data.txt 
Add-Content -Value $channel -Path C:\users\CFNLocalAdmin\data.txt 


if($eventID -eq 7036)
{


$events = Get-WinEvent -LogName 'System' -FilterXPath "<QueryList><Query Path='System'><Select >*[System[(EventRecordID=8478)]]</Select></Query></QueryList>"
foreach($event in $events)
{


$eventParams=$event.ToXml()

$eventXml = [xml]$event.ToXml()

#Write-Host "Attempting parsing xml event"
$SysTime=$eventXml.Event.System.TimeCreated.SystemTime
#Write-Host $SysTime
$ProviderName=$eventXml.Event.System.Provider.Name
#Write-Host $ProviderName
$ServiceName=""
$ServiceStatus=""

$ServiceName= $eventXml.Event.EventData.Data[0].'#text'
$ServiceStatus=$eventXml.Event.EventData.Data[1].'#text'


$popipObj = New-Object -ComObject wscript.shell
$popipObj.popup("RecordID: "+$eventRecordId +", Channel :"+$channel+"Event Timestamp: "+$ServiceName +": "+$ServiceStatus)
}
}
}

PopUPEventInfo  $eventID, $eventRecordId, $channel

The line

$events = Get-WinEvent -LogName 'System' -FilterXPath "<QueryList><Query Path='System'><Select >*[System[(EventRecordID=8478)]]</Select></Query></QueryList>"

works fine but when I replace constants with variables

$events = Get-WinEvent -LogName $channel -FilterXPath "<QueryList><Query Path='$channel'><Select >*[System[(EventRecordID=$eventRecordId)]]</Select></Query></QueryList>"

I get the following error.

TerminatingError(Get-WinEvent): "Value cannot be null.
Parameter name: collection"
Get-WinEvent : Value cannot be null.
Parameter name: collection
At C:\Users\CFNLocalAdmin\test.ps1:26 char:11
+ $events = Get-WinEvent -LogName $channel -FilterXPath "<QueryList><Query Path='S ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], ArgumentNullException
    + FullyQualifiedErrorId : System.ArgumentNullException,Microsoft.PowerShell.Commands.GetWinEventCommand

I am not sure what I am doing wrong. I can see the values of $eventID, $eventRecordId and $channel getting written to the data file but why the Get-WinEvent is giving null exception

I appreciate if anyone point me to the right direction

Andrew Savinykh · Answer 1 · 2016-02-18T00:56:24.283

Most likely cause for the error is $channel being null. You are saying that you can see that it's not null because it's written to a file but I'm sceptical. Perhaps you are seeing values there from previous runs.

If you by any chance have a Cyrillic keyboard, or if you copied your script from a Cyrillic source, make sure that c, a and e in the $channel are not Cyrillic с, а and е. Powershell can stomach them happily, but $channel and $сhаnnеl are two different variables, even if you can't see that.

$channel = 'Hello'
$сhаnnеl = 'Again'
Write-Host $channel    
Write-Host $сhаnnеl

Gives this output:

PS C:\WINDOWS\system32> $channel = 'Hello'
PS C:\WINDOWS\system32> $сhаnnеl = 'Again'
PS C:\WINDOWS\system32> Write-Host $channel
Hello
PS C:\WINDOWS\system32> Write-Host $сhаnnеl
Again
PS C:\WINDOWS\system32>

score 0 · Answer 2 · answered Feb 18 '16 at 01:20

0

The issue that you are experiencing is that you are calling the function incorrectly. You have placed commas between your parameters when you call it, making them an array, so you are effectively passing all three variables to your first parameter.

PopUPEventInfo  $eventID, $eventRecordId, $channel

Is effectively seen as this:

PopUPEventInfo  -EventId @($eventID, $eventRecordId, $channel) -EventRecordId $null -Channel $null

If you simply remove the commas the command should work as expected.

PopUPEventInfo  $eventID $eventRecordId $channel

Or fully:

PopUPEventInfo  -EventId $eventID -EventRecordId $eventRecordId -Channel $channel

answered Feb 18 '16 at 01:20

TheMadTechnician

34,906
3
42
56

Thanks, removing commas worked. – shantanu Feb 18 '16 at 18:19
Good to hear! If this answer provided a solution to your issue please mark it as accepted so that future users can find it when they search for similar issues. – TheMadTechnician Feb 18 '16 at 19:51

Function execution error: Value cannot be null

2 Answers2