以日期记录事件

我试图捕获特定日期的日志文件，无论我回去多少天，我都没有收到任何结果。以日期记录事件

Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Select Message -ExpandProperty Message | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays('-1')) }

下面是日志文件的列表

Message              TimeGenerated            
-------              -------------            
Shutdown has occurred ...         1/18/2017 12:01:52 AM          
Shutdown has occurred ...         1/18/2017 12:01:52 AM          
Shutdown has occurred ...         1/18/2017 12:01:52 AM          
Shutdown has occurred ...         1/16/2017 7:01:53 PM          
Shutdown has occurred ...         1/16/2017 7:01:53 PM          
Shutdown has occurred ...         1/16/2017 7:01:53 PM          
Shutdown has occurred ...         1/15/2017 2:01:39 PM          
Shutdown has occurred ...         1/15/2017 2:01:39 PM          
Shutdown has occurred ...         1/15/2017 2:01:39 PM          
Shutdown has occurred ...         1/14/2017 1:58:47 PM          
Shutdown has occurred ...         1/14/2017 1:58:47 PM          
Shutdown has occurred ...         1/14/2017 1:58:47 PM          
Shutdown has occurred ...         1/13/2017 8:58:46 AM          
Shutdown has occurred ...         1/13/2017 8:58:46 AM          
Shutdown has occurred ...         1/13/2017 8:58:46 AM          
Shutdown has occurred ...         1/12/2017 3:58:45 AM          
Shutdown has occurred ...         1/12/2017 3:58:45 AM

来源

2017-01-19 JRN

你的问题是，你使用的Select cmdlet来扩大Message。那么当你试图在TimeGenerated上过滤那个属性是不存在的。如果您只需要这些消息，请在过滤后选择。

Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays(-1)) } | Select -ExpandProperty Message

来源

2017-01-19 14:55:16 BenH

我总是因为这个格式化错误而陷入困境。我一遍又一遍地犯这个错误。我猜它的秩序感让我感到不安，我喜欢事前正确地看到事情，而不是事后做好一切并进行格式化。谢谢你给我一些感觉。非常好，简洁的答案。 – JRN

以日期记录事件

回答

相关问题