0

I'm trying to get EventLog entries for a certain process, 'Application Error'. I can list it with the following command, but I'm having trouble finding out how to list the log entries and not just the LogLink name.

powershell Get-WinEvent -ListProvider *Error

Gives:

Name:     Application Error
LogLinks: {Application}
Opcodes:  {}
Tasks:    {}

I found this example, but I'm unsure how they got the directory information used in the xml definition that got the log entries. Get-WinEvent and xml filters

I tried

powershell Get-WinEvent -ListProvider *Error -logName Applicaiton

but get the error

Get-WinEvent : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:1
+ Get-WinEvent -ListProvider *Error -logName Applicaiton
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-WinEvent], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.GetWinEventCommand

I saw Get-eventlog, but again, they know where to find their event logs in the second case. Also, I'm not sure where PowerShell command goes since I'm doing this at the windows command line, and still get an error with what they are doing (and I'm unsure why they use SilentlyContinue so I left it out):

powershell (Get-WinEvent -ListProvider *Error -logName Applicaiton -ErrorAction).LogName

Get-WinEvent : Missing an argument for parameter 'ErrorAction'. Specify a parameter of type
'System.Management.Automation.ActionPreference' and try again.
At line:1 char:57
+ ... nEvent -ListProvider *Error -logName Applicaiton -ErrorAction).LogNam ...
+                                                      ~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-WinEvent], ParameterBindingException
    + FullyQualifiedErrorId : MissingArgument,Microsoft.PowerShell.Commands.GetWinEventCommand

Update

I tried powershell (Get-WinEvent -ListProvider *Error -logName Applicaiton -ErrorAction Continue).LogName

and get this error:

Get-WinEvent : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:2
+ (Get-WinEvent -ListProvider *Error -logName Applicaiton -ErrorAction  ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-WinEvent], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.GetWinEventCommand

Update2:

Found mis-spelling in Application thanks to Theo, but still have error:

powershell (Get-WinEvent -ListProvider *Error -logName Application -ErrorAction Continue).LogName

Error:

Get-WinEvent : Parameter set cannot be resolved using the specified named parameters.
At line:1 char:2
+ (Get-WinEvent -ListProvider *Error -logName Application -ErrorAction  ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-WinEvent], ParameterBindingException
    + FullyQualifiedErrorId : AmbiguousParameterSet,Microsoft.PowerShell.Commands.GetWinEventCommand

Update3:

I tried powershell Get-WinEvent -logName Application but it goes on forever. How do I just get event log info for 'Application Error'?

Update4:

I tried in powershell ISE:

Get-WinEvent -logname Application | Where-Object {$_.ProviderName -Match 'Application Error' }

And it seemed to work for a while, then had this error from powershell ISE:

Get-WinEvent : The maximum number of replacements has been reached
At line:3 char:1
+ Get-WinEvent -logname Application | Where-Object {$_.ProviderName -Ma ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-WinEvent], EventLogException
    + FullyQualifiedErrorId : The maximum number of replacements has been reached,Microsoft.PowerShell.Commands.GetWinEventCommand

From the windows command line (which is the ultimate goal) I didn't have any output, but did have this error:

powershell (Get-WinEvent  -logName Application | Where-Object {$_.ProviderName -Match 'Application Error'})

'Where-Object' is not recognized as an internal or external command,
operable program or batch file.
Michele
  • 3,617
  • 12
  • 47
  • 81
  • `Applicaiton` --> `Application` and for the `-ErrorAction` you didn't say what action you want.. See [About CommonParameters](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_commonparameters?view=powershell-7.2#-erroraction) – Theo Jul 26 '22 at 15:12
  • @Theo - see update above – Michele Jul 26 '22 at 15:27
  • 1
    There's still the typo... `Applicaiton` --> `Application` – Theo Jul 26 '22 at 15:30
  • @Theo - thanks, I see it now. Seems to have same error tho. Any ideas? – Michele Jul 26 '22 at 15:38
  • Yes, you cannot use `-LogName` and `-ListProvider` together. [Get-WinEvent](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.diagnostics/get-winevent) – Theo Jul 26 '22 at 15:41
  • @Theo - I need the event log for Application Error. How would I list those event log entries? – Michele Jul 26 '22 at 15:47
  • @Theo I'd appreciate if you know how to get just the Application Error ones. See Update3 and Update4 above. Thanks for your helpful ideas! :) – Michele Jul 26 '22 at 16:59

1 Answers1

0

I got this one working:

powershell (Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error'} )

Michele
  • 3,617
  • 12
  • 47
  • 81