Get-WinEvent

Get-WinEvent is a PowerShell cmdlet and a powerful tool for viewing and gathering information about Windows event logs. It can return a large variety of logs and can be tuned to produce a highly streamlined output. PowerShell must be run as an administrator to read the Security log and other restricted channels; channels such as System and Application can be queried without elevation. What2Log uses this as the primary command line tool for Windows logs in the Log Pile.

The -FilterHashtable parameter is the best way to specify what you want the command to return. The hashtable can name specific log channels (LogName) and Event IDs (ID), as well as a date and time range (StartTime and EndTime); other supported keys include ProviderName, Level and Keywords. Filtering this way is applied by the event log service before records reach PowerShell, so it is far faster than returning everything and piping it through Where-Object.

Another useful parameter is -MaxEvents, which lets the user specify the maximum number of events to return; the newest matching events are returned first. Without this parameter, Get-WinEvent returns every matching record. For brevity's sake, the screenshots of logs provided here include this parameter, but it is optional on the user's end.

To see a full log record and its related fields, pipe the output to Format-List (Format-List * shows every property, not only the default TimeCreated, Id, LevelDisplayName and Message columns) and Get-WinEvent will print the entire record. This qualifier is added to the logs shown in What2Log to allow for further education on the logs.
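The following is an added example, not a command from the What2Log page, that puts the three pieces above together: a -FilterHashtable restricting the query to one channel, one Event ID and a time window, -MaxEvents to cap the result, and Format-List * to print one record in full. It then goes one step further than the text and reads the named fields out of the event XML, since the Message text is free-form while the XML body carries the structured data an analyst actually filters on. The Security channel and Event ID 4624 (successful logon) are chosen for illustration; the window and event count are arbitrary. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the What2Log page): query the Security log for
# successful logons (Event ID 4624) in the last 24 hours, show the first
# record in full, then tabulate the structured fields of all of them.
# The Security channel requires an elevated PowerShell session.

$filter = @{
    LogName   = 'Security'
    ID        = 4624                      # a single ID, or an array such as 4624, 4625
    StartTime = (Get-Date).AddHours(-24)  # other keys: EndTime, Level, ProviderName, Keywords
}

# -MaxEvents caps the result set (newest events first). -ErrorAction
# SilentlyContinue suppresses the "No events were found" error so the
# script can test for an empty result instead of stopping on it.
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Host 'No matching events in the last 24 hours.'
    return
}

# Format-List * prints every property of the record, not only the default
# TimeCreated / Id / LevelDisplayName / Message columns.
$events[0] | Format-List *

# The Message property is unstructured text; the XML body carries named
# <Data Name="..."> fields. Pull the logon-relevant fields into objects.
$events | ForEach-Object {
    $xml  = [xml]$_.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated  = $_.TimeCreated
        LogonType    = $data['LogonType']        # 2 interactive, 3 network, 10 RDP, ...
        TargetUser   = $data['TargetUserName']
        TargetDomain = $data['TargetDomainName']
        SourceIp     = $data['IpAddress']
        LogonProcess = $data['LogonProcessName']
    }
} | Format-Table -AutoSize
```

Wrapping the Get-WinEvent call in @() guarantees an array even when exactly one event matches, so $events.Count and $events[0] behave the same whether the query returns one record or fifty.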

Additional References