为什么在日期之后获取事件时 Get-WinEvent 比 Get-EventLog 慢? [英] Why is Get-WinEvent slower than Get-EventLog when getting events after a date?

问题描述

在特定日期后检索事件时，Get-WinEvent 似乎比 Get-EventLog 慢:

When retrieving events after a specific date Get-WinEvent seems to be slower than Get-EventLog:

$SourceComputer = "MyServer"
$LogName = "Security"
$StartDate = (get-date).AddMinutes(-30)
$hashquery = @{logname=$LogName; StartTime=$StartDate}
(Measure-Command -Expression {Get-WinEvent -ComputerName $SourceComputer -FilterHashTable $hashquery}).TotalSeconds
(Measure-Command -Expression {Get-EventLog -Computer $SourceComputer -LogName $Logname -After $StartDate}).TotalSeconds

输出:

Get-WinEvent: 128.8475308
Get-EventLog: 4.5299092

这看起来很奇怪，因为 Get-WinEvent 应该比旧的 Get-EventLog 函数执行得更好.我做错了什么吗?

This seems odd since Get-WinEvent is supposed to perform better that the older Get-EventLog function. Am I doing something wrong?

推荐答案

...Get-WinEvent 应该比旧的表现更好获取事件日志...

...Get-WinEvent is supposed to perform better that the older Get-EventLog...

对于大多数参数，这是正确的.Get-WinEvent 比 Get-EventLog 快，因为 Get-EventLog 抓取整个 EventLog，然后本地过滤.

With most parameters, this is correct. Get-WinEvent is faster than Get-EventLog, because Get-EventLog grabs the entire EventLog, then locally filters.

然而，Get-WinEvent 确实有一些警告，第一个是 -FilterHashtable，它有一个 很少 错误.

However, Get-WinEvent does have a few caveats, the first being -FilterHashtable which has a few bugs.

第二个是 -FilterHashtable 非常慢，根据 博客文章 由 Ansgar Wiechers 引用.建议使用 -FilterXML

The second being that -FilterHashtable is very slow as per the bottom of the blog post cited by Ansgar Wiechers. The recommendation is to use -FilterXML

这篇关于为什么在日期之后获取事件时 Get-WinEvent 比 Get-EventLog 慢?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！