Get-WinEvent start and end dates not filtering records


Problem description


The Get-WinEvent start and end dates are not filtering records. Can anyone tell me why? I expect from the code below the last 2 days' events, but I get dates going back to 2010 (my Windows clock date is correct).

[String]$ComputerName = $env:COMPUTERNAME #Current computer
[String[]]$EventLogNames=@("Application","System") #Main eventlogs
[System.DateTime[]]$EventStartDate = (((Get-Date).addDays(-2)).date) #date 10 days ago
[System.DateTime[]]$EventEndTime = (Get-Date)

$EventCritea = @{logname = $EventLogNames; StartTime=$EventStartDate; EndTime=$EventEndTime}
Get-WinEvent -ComputerName $ComputerName -FilterHashTable $EventCritea  -ErrorAction SilentlyContinue

Solution

The error in your script is the type of your start and end date/time - they are declared as arrays.

Change

[System.DateTime[]]$EventStartDate = (((Get-Date).addDays(-2)).date)
[System.DateTime[]]$EventEndTime = (Get-Date)

to

[System.DateTime]$EventStartDate = (((Get-Date).addDays(-2)).date)
[System.DateTime]$EventEndTime = (Get-Date)

or omit them altogether

$EventStartDate = (((Get-Date).addDays(-2)).date)
$EventEndTime = (Get-Date)
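
An added example, not part of the original answer: one way to keep array-typed dates out of a `-FilterHashtable` query and to confirm that the returned events really fall inside the requested window. The helper names `New-EventTimeFilter` and `Get-EventsInWindow` are hypothetical; the log names and the two-day window come from the question.

```powershell
# Added example. New-EventTimeFilter and Get-EventsInWindow are hypothetical helper names.
function New-EventTimeFilter {
    param(
        [Parameter(Mandatory)][string[]]$LogName,
        [Parameter(Mandatory)][datetime]$StartTime,   # scalar, not [datetime[]]
        [datetime]$EndTime = (Get-Date)
    )
    if ($StartTime -gt $EndTime) {
        throw "StartTime ($StartTime) is later than EndTime ($EndTime)."
    }
    @{ LogName = $LogName; StartTime = $StartTime; EndTime = $EndTime }
}

function Get-EventsInWindow {
    param([Parameter(Mandatory)][hashtable]$Filter)

    # Reject hand-built hashtables whose dates are arrays, strings or missing.
    foreach ($key in 'StartTime', 'EndTime') {
        $value = $Filter[$key]
        if ($value -isnot [datetime]) {
            $type = if ($null -eq $value) { 'null' } else { $value.GetType().FullName }
            throw "$key must be a single [datetime]; got $type."
        }
    }

    # -ErrorAction Stop surfaces query errors instead of hiding them.
    # Note: Get-WinEvent also reports an error when no events match.
    $events = @(Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop)

    # Count anything the time filter should have excluded.
    $outside = @($events | Where-Object {
        $_.TimeCreated -lt $Filter.StartTime -or $_.TimeCreated -gt $Filter.EndTime
    })
    if ($outside.Count -gt 0) {
        Write-Warning "$($outside.Count) of $($events.Count) events fall outside the requested window."
    }
    $events
}

$filter = New-EventTimeFilter -LogName 'Application', 'System' -StartTime (Get-Date).AddDays(-2).Date
Get-EventsInWindow -Filter $filter |
    Sort-Object TimeCreated |
    Select-Object -First 5 TimeCreated, LogName, Id, LevelDisplayName
```

Sorting by `TimeCreated` and showing the oldest rows makes an ignored time filter obvious at a glance, which matters when the query feeds a triage or collection script.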
