PowerShell · How-To · Beginner · 2 min read

PowerShell Script to Check Event Log Easily

Use Get-EventLog -LogName System -Newest 5 in PowerShell to check the latest 5 entries in the System event log. Get-EventLog reads the classic logs (System, Application, Security) and exists only in Windows PowerShell 5.1; in PowerShell 7 use Get-WinEvent -LogName System -MaxEvents 5 instead.
📋

Examples

Input
Get-EventLog -LogName System -Newest 1
Output
Index Time         EntryType   Source                  InstanceID Message
----- ----         ---------   ------                  ---------- -------
12345 Jun 10 10:00 Information Service Control Manager       7036 The Windows Update service entered the running state.

Input
Get-EventLog -LogName Application -Newest 3
Output
Index Time         EntryType   Source            InstanceID Message
----- ----         ---------   ------            ---------- -------
54321 Jun 10 09:55 Error       Application Error       1000 Faulting application name: example.exe, version: 1.0.0.0...

Input
Get-EventLog -LogName Security -Newest 2
Output
Index Time         EntryType    Source                             InstanceID Message
----- ----         ---------    ------                             ---------- -------
67890 Jun 10 09:50 SuccessAudit Microsoft Windows security auditing       4624 An account was successfully logged on.

The Security log is readable only from an elevated session (or by members of the Event Log Readers group); from a normal prompt the command fails with "Requested registry access is not allowed".
🧠

How to Think About It

To check event logs, decide which log you want (like System or Application), then use PowerShell's Get-EventLog command with the -LogName parameter and specify how many recent entries to see with -Newest. This lets you quickly view recent events without scrolling through the entire log.
📐

Algorithm

1. Choose the event log name you want to check (e.g., System, Application, Security).
2. Use the command to get the latest entries from that log.
3. Display the entries to the user.
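The three steps above wrapped in one reusable function. This is an added example, not code from the original page; the function name Get-RecentEventLogEntry and its parameters are my own choices. It restricts the log name to the three classic logs the page discusses, falls back to Get-WinEvent on PowerShell 7 (where Get-EventLog does not exist), normalises the two cmdlets' differently named properties into one shape, and turns the access-denied error on the Security log into a readable message.

```powershell
# Added example (not from the original page). Function and parameter names are assumptions.
function Get-RecentEventLogEntry {
    [CmdletBinding()]
    param(
        # Step 1: restrict to the classic logs covered on this page.
        [Parameter(Mandatory)]
        [ValidateSet('System', 'Application', 'Security')]
        [string]$LogName,

        # Step 2: how many of the newest entries to read.
        [ValidateRange(1, 1000)]
        [int]$Newest = 5
    )

    # Step 3: read and display. Get-EventLog exists only in Windows PowerShell 5.1;
    # Get-WinEvent reads the same classic logs on PowerShell 7 and takes -MaxEvents
    # instead of -Newest. Calculated properties give both branches identical columns.
    try {
        if (Get-Command Get-EventLog -ErrorAction SilentlyContinue) {
            Get-EventLog -LogName $LogName -Newest $Newest -ErrorAction Stop |
                Select-Object @{n = 'Time';    e = { $_.TimeGenerated }},
                              @{n = 'Level';   e = { $_.EntryType }},
                              @{n = 'Source';  e = { $_.Source }},
                              @{n = 'EventId'; e = { $_.EventID }},
                              @{n = 'Message'; e = { ($_.Message -split "`r?`n")[0] }}  # first line only
        }
        else {
            Get-WinEvent -LogName $LogName -MaxEvents $Newest -ErrorAction Stop |
                Select-Object @{n = 'Time';    e = { $_.TimeCreated }},
                              @{n = 'Level';   e = { $_.LevelDisplayName }},
                              @{n = 'Source';  e = { $_.ProviderName }},
                              @{n = 'EventId'; e = { $_.Id }},
                              @{n = 'Message'; e = { ($_.Message -split "`r?`n")[0] }}
        }
    }
    catch {
        # Reading the Security log needs an elevated session or Event Log Readers membership;
        # the raw error ("Requested registry access is not allowed") does not say so.
        if ($LogName -eq 'Security') {
            throw "Cannot read the Security log: run PowerShell as administrator or add this account to the Event Log Readers group. ($($_.Exception.Message))"
        }
        throw
    }
}

# Usage: the page's own example, plus an Application-log check.
Get-RecentEventLogEntry -LogName System -Newest 5 | Format-Table -AutoSize
Get-RecentEventLogEntry -LogName Application -Newest 3 | Format-Table -AutoSize
```

Keeping only the first line of Message is a display choice: multi-line messages (event 4624 is a good example) otherwise wrap the table; pipe the function's output to Format-List to see the full text.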
💻

Code

powershell
Get-EventLog -LogName System -Newest 5 | Format-Table -AutoSize
Output
Index Time         EntryType   Source                    InstanceID Message
----- ----         ---------   ------                    ---------- -------
12345 Jun 10 10:00 Information Service Control Manager         7036 The Windows Update service entered the running state.
12344 Jun 10 09:58 Warning     Disk                              51 The driver detected a controller error on \Device\Harddisk0\DR0.
12343 Jun 10 09:55 Error       Service Control Manager         7000 The XYZ service failed to start due to the following error: The system cannot find the file specified.
12342 Jun 10 09:50 Information Kernel-General                    12 The operating system started at system time 2024-06-10T07:50:00.000000000Z.
12341 Jun 10 09:45 Information Microsoft-Windows-Eventlog       104 The event logging service has shut down.
🔍

Dry Run

Let's trace checking the latest 2 entries from the Application log.

1. Select Log: the user chooses the 'Application' log.
2. Run Command: PowerShell runs Get-EventLog -LogName Application -Newest 2
3. Display Output: the 2 most recent Application log entries are shown.

Index Time         EntryType   Source            Message
----- ----         ---------   ------            -------
54321 Jun 10 09:55 Error       Application Error Faulting application name: example.exe...
54320 Jun 10 09:50 Information AppModel-Runtime  The application identity is...
💡

Why This Works

Step 1: Get-EventLog Command

The Get-EventLog cmdlet reads a classic Windows event log selected by name; it returns the entries newest-first as EventLogEntry objects.

Step 2: Newest Parameter

The -Newest option limits output to the most recent entries. It is applied when the log is read, so only that many entries are retrieved rather than the whole log.

Step 3: Output Formatting

Using Format-Table -AutoSize neatly arranges the output for easy reading.

🔄

Alternative Approaches

Using Get-WinEvent for more detailed logs
powershell
Get-WinEvent -LogName System -MaxEvents 5 | Format-Table -AutoSize
Get-WinEvent reads both the classic logs and the newer "Applications and Services" logs, offers filtering inside the event log service through -FilterHashtable and -FilterXPath, and is the only one of the two cmdlets available in PowerShell 7 (Get-EventLog was removed in PowerShell 6). Its property names differ: TimeCreated, Id, ProviderName and LevelDisplayName instead of TimeGenerated, EventID, Source and EntryType.
Filtering by Event ID
powershell
Get-EventLog -LogName System -Newest 10 | Where-Object { $_.EventID -eq 7036 }
Filters events by specific ID to find particular event types. Note that -Newest 10 is applied first, so Where-Object only searches the 10 newest entries; to search the whole log, filter before the cut-off with Get-EventLog's own parameters (for example Get-EventLog -LogName System -InstanceId 7036 -Newest 10, or -Source, -EntryType, -After and -Before) or with Get-WinEvent -FilterHashtable.
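A whole-log search by event ID, carried a step further than the page's Where-Object filter: an added example, not the page's own code. It uses Get-WinEvent -FilterHashtable so that the event log service returns only Security event 4624 (successful logon) records from the last 24 hours, then summarises them by logon type, which is the question an investigator usually has (how many network versus RDP versus interactive logons, and by whom). The function name Get-LogonSummary, its parameters and the -MaxEvents cap are assumptions; the EventData property positions are those of the 4624 event schema.

```powershell
# Added example (not from the original page). Function and parameter names are assumptions.
# Needs an elevated session or Event Log Readers membership to read the Security log.
function Get-LogonSummary {
    [CmdletBinding()]
    param(
        [int]$Hours = 24,
        [int]$MaxEvents = 5000   # assumption: bound the query on busy hosts
    )

    # The hashtable is evaluated inside the event log service, so only matching
    # records cross into PowerShell; piping the whole log into Where-Object would
    # read every entry first.
    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    # Get-WinEvent raises a non-terminating error when nothing matches; treat that as "no logons".
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning "No 4624 events in the last $Hours hour(s)."
        return
    }

    # Logon type codes as documented for event 4624.
    $logonTypes = @{
        2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'; 7 = 'Unlock'
        8 = 'NetworkCleartext'; 9 = 'NewCredentials'; 10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
    }

    # 0-based positions in the 4624 EventData block:
    # 5 = TargetUserName, 6 = TargetDomainName, 8 = LogonType, 18 = IpAddress.
    $events | ForEach-Object {
        $type = [int]$_.Properties[8].Value
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = '{0}\{1}' -f $_.Properties[6].Value, $_.Properties[5].Value
            LogonType = if ($logonTypes.ContainsKey($type)) { "$type ($($logonTypes[$type]))" } else { "$type" }
            SourceIp  = $_.Properties[18].Value
        }
    } | Group-Object LogonType | Sort-Object Count -Descending |
        Select-Object @{n = 'LogonType'; e = { $_.Name }},
                      Count,
                      @{n = 'Users';     e = { ($_.Group.User     | Sort-Object -Unique) -join ', ' }},
                      @{n = 'SourceIps'; e = { ($_.Group.SourceIp | Sort-Object -Unique) -join ', ' }}
}

# Usage: summarise the last day, then widen to a week.
Get-LogonSummary | Format-Table -AutoSize
Get-LogonSummary -Hours 168 | Format-Table -AutoSize -Wrap
```

Reading fields by position from $_.Properties is faster than parsing ToXml() for every event but relies on the 4624 schema not changing; if a column looks wrong on an older OS build, compare against the event's XML view in Event Viewer.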

Complexity: O(n) time, O(n) space

Time Complexity

With -Newest N the cmdlet retrieves only the N most recent entries, so time grows linearly with N, not with the size of the log. Filtering with Where-Object after the read is linear in however many entries were retrieved.

Space Complexity

Memory usage depends on how many entries are retrieved; limiting with -Newest keeps space usage low.

Which Approach is Fastest?

Using Get-EventLog with -Newest is fast for recent entries. For searches across a whole log, Get-WinEvent with -FilterHashtable is usually faster than Get-EventLog piped to Where-Object, because the filtering happens inside the event log service and only matching records are returned.

Approach                      Time  Space  Best For
Get-EventLog -Newest          O(n)  O(n)   Quick recent event checks
Get-WinEvent -MaxEvents       O(n)  O(n)   Detailed and newer event logs, PowerShell 7
Get-EventLog with filtering   O(n)  O(n)   Specific event searches
💡
Use -Newest to quickly see the latest events without scrolling through the entire log.
⚠️
Beginners often forget to specify -LogName; it is mandatory, so PowerShell stops and prompts for it rather than returning anything. Another common surprise is the Security log, which needs an elevated session (or Event Log Readers membership) and otherwise fails with "Requested registry access is not allowed".