Concept Flow - Event log reading
Start script
Define event log source
Read events from log
Filter or select events
Display or process events
End script
This flow shows how a PowerShell script reads events from a Windows event log step-by-step.
0
0
Event log reading in PowerShell - Step-by-Step Execution
Execution Sample
PowerShell
Get-EventLog -LogName System -Newest 3 | Select-Object TimeGenerated, EntryType, MessageThis command reads the 3 newest events from the System log and shows their time, type, and message.
Execution Table
| Step | Action | Evaluation | Result |
|---|---|---|---|
| 1 | Start script | Script begins running | Ready to read event log |
| 2 | Define event log source | LogName = System | System log selected |
| 3 | Read events | Get-EventLog fetches newest 3 events | 3 event objects retrieved |
| 4 | Select properties | Select TimeGenerated, EntryType, Message | Filtered event details ready |
| 5 | Display output | Output event details to console | Shows 3 events with time, type, message |
| 6 | End script | No more commands | Script finishes |
💡 All requested events read and displayed, script ends
Variable Tracker
| Variable | Start | After Step 3 | After Step 4 | Final |
|---|---|---|---|---|
| $events | null | 3 event objects | 3 filtered event objects | 3 filtered event objects |
Key Moments - 3 Insights
Why do we use Select-Object after Get-EventLog?
Select-Object picks only the needed event details (TimeGenerated, EntryType, Message) for clearer output, as shown in step 4 of the execution table.
What does -Newest 3 do in Get-EventLog?
-Newest 3 tells PowerShell to get only the latest 3 events from the log, limiting the output size (step 3).
Can we read other logs besides System?
Yes, you can change -LogName to Application, Security, or any available log, similar to step 2.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the result after step 3?
💡 Hint
Check the 'Result' column for step 3 in the execution_table.
At which step does the script limit the number of events read?
💡 Hint
Look at the 'Action' and 'Evaluation' columns in step 3 for the event count.
If we remove Select-Object, how would the output change?
💡 Hint
Refer to step 4 where Select-Object filters properties.
Concept Snapshot
PowerShell reads Windows event logs with Get-EventLog. Use -LogName to pick the log (e.g., System). Use -Newest to limit events read. Select-Object filters event details. Output shows event time, type, and message. Simple script to check recent system events.
Full Transcript
This PowerShell script reads the newest 3 events from the System event log. It starts by selecting the System log, then fetches the latest 3 events. Next, it filters each event to show only the time generated, entry type, and message. Finally, it displays these details on the screen and ends. This process helps users quickly see recent important events without extra details.