Windows 10

Flynn Weeks

April 21, 2022

Get-WinEvent is a PowerShell cmdlet and a powerful tool for viewing and gathering more information about logs in Windows. It can return a large variety of logs and can be tuned to produce a highly streamlined output. PowerShell must be run as an administrator in order to use Get-WinEvent successfully. What2Log uses this as the primary command line tool for Windows logs in the Log Pile.

The -FilterHashtable parameter is the best way to specify what you want the command to return. It can be used to select particular channels and Event IDs as well as to specify date and time ranges.

Another useful parameter is -MaxEvents, which lets the user specify the number of events to be returned. Without it, Get-WinEvent returns every matching record. For brevity's sake, the screenshots of logs provided here include this parameter, but it is optional on the user's end.

In order to get a full log entry and its related information, pipe the output to Format-List and Get-WinEvent will print the entire log record.
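The three pieces described above (-FilterHashtable, -MaxEvents and Format-List) combined in one reusable function. This is an added example, not code from the What2Log post; the channel (Security), the event IDs (4624 and 4625, logon success and failure) and the 24-hour window are assumed values chosen for illustration.

```powershell
# Added example, not part of the original post. Wraps Get-WinEvent with a
# -FilterHashtable built from a log name, a list of event IDs and a time window.
# Run from an elevated PowerShell session, as the Security channel requires it.
function Get-RecentEvents {
    param(
        [string]$LogName   = 'Security',       # assumed channel
        [int[]] $Id        = @(4624, 4625),    # assumed IDs: logon success / failure
        [int]   $Hours     = 24,               # assumed look-back window
        [int]   $MaxEvents = 10
    )

    # Every key in the hashtable must match for an event to be returned.
    $filter = @{
        LogName   = $LogName
        ID        = $Id
        StartTime = (Get-Date).AddHours(-$Hours)
        EndTime   = Get-Date
    }

    # Get-WinEvent raises an error when nothing matches the filter; treat that
    # as an empty result rather than failing the caller.
    try {
        Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        if ($_.Exception.Message -like 'No events were found*') { return @() }
        throw
    }
}

$events = Get-RecentEvents

# Streamlined view: one line per event with the fields an analyst scans first.
$events | Select-Object TimeCreated, Id, ProviderName, Message | Format-Table -Wrap

# Full view: every property of the most recent matching record, as Format-List prints it.
$events | Select-Object -First 1 | Format-List -Property *
```

Swap the defaults (for example `Get-RecentEvents -LogName 'System' -Id 7045 -Hours 72`) to apply the same filter to another channel without rewriting the hashtable.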