0

I'm still pretty green with PS and I'm stuck with a script. The end goal is to send an email if an event is logged in the application log by a certain source with a certain id (2 in this case) and if the message in the event contains a certain string. I had this working without a loop up until I realized the source that creates these events sometimes dumps 4 or 5 events at the exact same time all with the same id and since my old script was only looking at the newest event, it wouldn't find it if the event wasn't the last one logged in the 4 or 5 events dumped at once. So now the plan is to pull the last 10 id 2 events when a event id 2 is logged and parse through them looking for the needed string. And this is where everything is breaking for me. So far I have as a test:

    $eventLogs = Get-EventLog -LogName Application -Source "<source>" -InstanceId 2 -Newest 100 -EntryType Error
    $eventLogs | ForEach-Object Message
    if (Message -contains "<string>")
    {
     Write-Host "Found One"
    }

I've also Tried this:

    $eventLogs = Get-EventLog -LogName Application -Source "<source>" -InstanceId 2 -Newest 100 -EntryType Error | ForEach-Object Message
    foreach ($event in $eventLogs)
    {
    if(($eventLogs) -contains "<string>")
     {
      write-host "found one"
     }
    }

All to no avail. Can someone help me see what I'm missing?

wildrover
  • 1
  • 1
  • 1
  • [PowerShell and the -contains operator](http://stackoverflow.com/questions/18877580/powershell-and-the-contains-operator) – beatcracker Mar 31 '16 at 21:45

1 Answers1

0

Look into the Where-Object for powershell and you should just be able to add something like this after your command to get the items without having to assign them to a list:

 | Where-Object {$_.Message -like "<string>"}

Powershell will iterate the results spit back from the Get-EventLog and filter them based on whatever property you can throw at it.

Josh
  • 10,352
  • 12
  • 58
  • 109