0
0
PowershellHow-ToBeginner · 3 min read

How to Get Event Log in PowerShell: Simple Commands

Use the Get-EventLog cmdlet in PowerShell to retrieve event logs from your system. For example, Get-EventLog -LogName Application fetches entries from the Application log.
📐

Syntax

The basic syntax to get event logs in PowerShell is:

  • Get-EventLog -LogName <LogName>: Retrieves events from the specified log.
  • -Newest <Number>: Limits the output to the most recent events.
  • -EntryType <Type>: Filters events by type like Error, Warning, or Information.
powershell
Get-EventLog -LogName Application -Newest 10 -EntryType Error
💻

Example

This example shows how to get the 5 most recent error events from the System log.

powershell
Get-EventLog -LogName System -EntryType Error -Newest 5 | Format-Table TimeGenerated, Source, EventID, Message -AutoSize
Output
TimeGenerated Source EventID Message ------------- ------ ------- ------- 4/26/2024 10:15:23 AM Service Control Manager 7000 The service failed to start. 4/26/2024 9:50:11 AM Disk 7 The device, \\.\PHYSICALDRIVE0, has a bad block. 4/25/2024 8:30:45 PM Tcpip 4226 TCP/IP has reached the security limit. 4/25/2024 7:15:00 PM Service Control Manager 7009 Timeout waiting for service. 4/25/2024 6:45:12 PM Application Error 1000 Faulting application name: example.exe
⚠️

Common Pitfalls

Common mistakes when getting event logs include:

  • Using incorrect log names like ApplicationLog instead of Application.
  • Not running PowerShell as Administrator, which may limit access to some logs.
  • Expecting Get-EventLog to work with newer Windows event logs like Microsoft-Windows-* which require Get-WinEvent.
powershell
## Wrong: Incorrect log name
Get-EventLog -LogName ApplicationLog

## Right: Correct log name
Get-EventLog -LogName Application
📊

Quick Reference

ParameterDescription
-LogNameName of the event log (e.g., Application, System, Security)
-NewestNumber of latest events to retrieve
-EntryTypeFilter by event type: Error, Warning, Information
-SourceFilter events by source application or service
-AfterGet events after a specific date/time
-BeforeGet events before a specific date/time

Key Takeaways

Use Get-EventLog with the correct log name to retrieve Windows event logs.
Run PowerShell as Administrator to access all event logs.
Use parameters like -Newest and -EntryType to filter results.
For newer event logs, consider using Get-WinEvent instead.
Always verify log names to avoid errors.

Related by keyword

PowerShell Script to Check Event Log EasilyPowerShell System ProgramsPowerShell 5 vs PowerShell 7: Key Differences and When to Use EachGetting StartedHow to Copy File in PowerShell: Simple Commands and ExamplesFile OperationsHow to Create a File in PowerShell: Simple Commands and ExamplesFile OperationsHow to List Files in PowerShell: Simple Commands and ExamplesFile Operations

Up next

How to Use While Loop in PowerShell: Syntax and ExamplesWhat is Execution Policy in PowerShell: Simple Explanation and UsageHow to Add User to AD Group with PowerShellHow to Create an AD User with PowerShell Quickly

More in System Administration

How to Get Process in PowerShell: Simple Commands and ExamplesHow to Get Service in PowerShell: Syntax and ExamplesHow to Install a Module in PowerShell Quickly and EasilyHow to Manage User Accounts with PowerShell Commands