与PowerShell一起使用时发生Logparser错误 [英] Logparser error when used with PowerShell

问题描述

我正在尝试在PowerShell中使用Log Parser将Windows Evtx日志文件导出为CSV:

I'm trying to use Log Parser within PowerShell to export a Windows Evtx log file to CSV:

$logparser = "c:\program files (x86)\Log Parser 2.2\logparser.exe"
$allArgs = ("SELECT * INTO c:\logs\logs.csv FROM c:\logs\logs.evtx", "-i:evt", "-o:csv")
$ps = Start-Process -FilePath $logparser -ArguementList $allArgs -Wait -Passthru -NoNewWindow;
$ps.WaitForExit()
$ps.ExitCode;

但是当我运行它时，我得到一个错误:

But when I run this I get an error:

错误:查询后检测到额外的参数"*"

Error: detected extra argument "*" after query

错误代码为13.我尝试将路径放在单引号中，并从与日志相同的目录中运行它，但它始终返回相同的错误.

The error code is 13. I tried putting the paths in single quotes and running it from the same directory as the logs but it keeps returning the same error.

推荐答案

您需要保留查询字符串周围的双引号，否则生成的进程将不会将其识别为单个参数.

You need to preserve the double quotes around the query string, otherwise it won't be recognized as a single argument by the spawned process.

将查询字符串(带双引号)放在单引号中可能会起作用:

Putting the query string (with double quotes) in single quotes might work:

$allArgs = '"SELECT * INTO c:\logs\logs.csv FROM c:\logs\logs.evtx"',
           "-i:evt",
           "-o:csv"

但是，更简单的解决方法是完全避免Start-Process并改用调用运算符(&):

However, a much simpler solution to the problem would be to avoid Start-Process entirely and use the call operator (&) instead:

$logparser = "c:\program files (x86)\Log Parser 2.2\logparser.exe"
$query = "SELECT * INTO c:\logs\logs.csv FROM c:\logs\logs.evtx"

& $logparser -i:evt -o:csv $query

这篇关于与PowerShell一起使用时发生Logparser错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！