
Event log reading in PowerShell - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the PowerShell cmdlet used to read Windows event logs?
The cmdlet is Get-EventLog. It lets you read entries from Windows event logs like Application, System, and Security.
beginner
How do you specify which event log to read in PowerShell?
Use the -LogName parameter with Get-EventLog. For example, Get-EventLog -LogName System reads the System log.
beginner
What parameter limits the number of event log entries returned?
The -Newest parameter limits how many recent entries you get. For example, -Newest 10 returns the last 10 events.
intermediate
How can you filter event logs by event ID in PowerShell?
Use the -InstanceId parameter with Get-EventLog. For example, Get-EventLog -LogName Application -InstanceId 1000 shows events with ID 1000.
intermediate
What is a simple way to read event logs and display only the message and time generated?
You can pipe Get-EventLog to Select-Object like this: Get-EventLog -LogName System -Newest 5 | Select-Object TimeGenerated, Message. This shows only the time and message of the last 5 events.
Which cmdlet reads Windows event logs in PowerShell?
A. Show-Log
B. Read-Event
C. Get-EventLog
D. Fetch-Event
How do you get the last 20 entries from the System log?
A. Get-EventLog -LogName System -Newest 20
B. Get-EventLog -LogName System -Last 20
C. Get-EventLog -System -Count 20
D. Get-EventLog -Log System -Top 20
Which parameter filters events by event ID?
A. -EventId
B. -Id
C. -FilterId
D. -InstanceId
What does this command do? Get-EventLog -LogName Application | Select-Object TimeGenerated, Message
A. Shows all Application events with only time and message
B. Deletes Application events
C. Creates a new event log
D. Filters events by time
Which log name is NOT a default Windows event log?
A. System
B. UserEvents
C. Security
D. Application
Explain how to read the last 10 entries from the System event log using PowerShell.
Think about the cmdlet and parameters to specify log and number of entries.
Describe how to filter event log entries by event ID in PowerShell.
Which parameter helps select events by their ID?