Event logs Script

Hi, I need to search event logs for the last 30 days and sort by Event ID to see the top errors by event ID.

Server | Event ID | Event ID Description | Qty

Any pointers on the best cmdlet to use in PowerShell?

Thanks

1 Like

Sure, you can start with the code below which has an output like this:

Normally I don’t have time to write up code like this but today I was able to do so. PowerShell code is below:

```powershell
# Setup variables
$Server = hostname
$30DaysAgo = (Get-Date).AddDays(-30)

# Get error events in the last 30 days from the System log
$Events = Get-EventLog -LogName System -After $30DaysAgo -EntryType Error

# Group them by event ID (EventID is the number Event Viewer shows; InstanceId
# also carries severity bits), get their description, add the server name
$GroupedEvents = $Events |
    Group-Object -Property EventID |
    Select-Object -Property Count,
        @{n='Server';e={$Server}},
        @{n='Event ID';e={$_.Name}},
        @{n='Description';e={$_.Group[0].Message}} |
    Sort-Object -Property Count -Descending

# Output grouped events
$GroupedEvents
```

I am guessing you want to be able to run this remotely? If so I would wrap it inside of a function that accepts a target computer.

1 Like
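The remote-capable wrapper suggested in the reply above could look like the following. This is an added example, not code posted by anyone in the thread: the function name `Get-TopErrorEvent` and its parameters are hypothetical, and it swaps in `Get-WinEvent` (which also exists in PowerShell 7, unlike `Get-EventLog`) and groups by provider plus event ID, because the same ID can be used by different providers.

```powershell
# Added example: Get-TopErrorEvent and its parameter names are hypothetical.
function Get-TopErrorEvent {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string]$LogName = 'System',
        [int]$Days = 30
    )
    begin {
        # Level 2 = Error. The hashtable filter is applied by the event log
        # service, so only matching records are returned from the target.
        $filter = @{
            LogName   = $LogName
            Level     = 2
            StartTime = (Get-Date).AddDays(-$Days)
        }
    }
    process {
        foreach ($computer in $ComputerName) {
            try {
                $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop
            }
            catch {
                # Get-WinEvent raises an error when nothing matches; that just means no errors logged
                if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
                # Unreachable host, access denied, unknown log: report and move to the next server
                Write-Warning "$computer : $($_.Exception.Message)"
                continue
            }
            $events | Group-Object -Property ProviderName, Id | ForEach-Object {
                $first = $_.Group[0]
                [pscustomobject]@{
                    Server      = $computer
                    'Event ID'  = $first.Id
                    Provider    = $first.ProviderName
                    # Keep only the first line of the message so each row stays readable
                    Description = ("$($first.Message)" -split "`r?`n")[0]
                    Qty         = $_.Count
                }
            } | Sort-Object -Property Qty -Descending
        }
    }
}

# Usage (SRV01 and SRV02 are placeholder server names):
# 'SRV01', 'SRV02' | Get-TopErrorEvent | Export-Csv -Path .\events.csv -NoTypeInformation
```

Passing `-LogName Security` requires rights to read the Security log on the target; a failure there surfaces as a warning for that server rather than stopping the run.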

Amazing! Thank you! :slight_smile:

1 Like

Where would I add Export-Csv command in this code?

1 Like

Just pipe $GroupedEvents to the Export-CSV command like:

```powershell
$GroupedEvents | Export-CSV -Path "c:\events.csv" -NoTypeInformation
```

The no type information removes the first line of the CSV that nobody cares about generally.

1 Like

Awesome, thanks Paul.

1 Like