Question : Get-EventLog : how to sort and group by date (not date AND TIME)

Hello,

(I'm quite new to powershell scripting)
I'd like to improve this little script to group my Get-EventLog entries by date (descending) and eventid.
When I say "Date", I mean YYYY/mm/dd, not TimeGenerated because grouping this way is useless (you don't have much entries generated the very same second :)
=> Right now, I have too many repeated lines, which is why I'd like to group

Notice I'm working in a french environment. I don't know if there is a relationship, but my dates are written like "dd/mm/yyyy" and I guess that's why a "sort-object...-descending..." sorts in a strange way :)

Code Snippet:

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27:

#later : $machines=@("127.0.0.1","another_host") $machines=@("127.0.0.1") $format=@{Expression={$_.TimeGenerated};Label="Date";width=21},` @{Expression={$_.EventID};Label="EventID";width=7},` @{Expression={$_.Source};Label="Index";width=25},` @{Expression={$_.Message};Label="Message"} foreach ($machine in $machines) { echo "***************************************************************" echo $machine $logs=[System.Diagnostics.EventLog]::GetEventLogs($machine) Foreach ($log in $logs) { $entrees=$log.entries | Where-Object {$_.entryType -match "Error"} | Select-Object -Last 20 | Format-Table -wrap $format if ($entrees.count -gt 0) { echo $log.LogDisplayName echo "------------------------------------------------------------------------------" echo $entrees } } }

Open in New Window Select All

Answer : Get-EventLog : how to sort and group by date (not date AND TIME)

Here's a merged version, figured it was getting quite complicated with bits everywhere ;)

I modified the formatting a bit to line up the Event IDs (ToString rather than numeric) and switched the date back to a short date string.

I'll let you play with the rest ;)

Chris

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40:

#later : $machines=@("127.0.0.1","another_host") $machines=@("127.0.0.1") $Format=@{Expression={($_.Date).ToShortDateString()};Label="Date";width=21},` @{Expression={($_.EventID).ToString()};Label="EventID";width=7},` @{Expression={$_.Source};Label="Index";width=25},` @{Expression={$_.Message};Label="Message"}, ` @{Expression={$_.Count};Label="Count";width=7} ForEach ($machine in $machines) { echo "***************************************************************" echo $machine $logs=[System.Diagnostics.EventLog]::GetEventLogs($machine) Foreach ($log in $logs) { $Entrees = $log.Entries | Where-Object {$_.EntryType -eq "Error"} # Sort the List by Date then Event ID $Entrees = $Entrees | Select-Object @{n='Date';e={ (Get-Date($_.TimeGenerated)).Date }}, ` EventID, Source, Message | Sort-Object @{e='Date';Descending=$True}, @{e='EventID';Ascending=$True} $Temp = @() ForEach ($Object in ($Entrees | Select-Object -Property Date, EventID, Source, Message -Unique)) { $Temp += $Object | Select-Object *, ` @{n='Count';e={ $Entries = $Entrees | ?{ $_.EventID -eq $Object.EventID -And $_.Date -eq $Object.Date }; ` If ($Entries.Count) { $Entries.Count } Else { 1 } } } } $Entrees = $Temp If ($Entrees) { Echo $log.LogDisplayName Echo "------------------------------------------------------------------------------" # Pick the first 10 in the list (will be the most recent) $Entrees | Select-Object -First 10 | FT -Wrap $Format } } }

Open in New Window Select All