none
Powershell: Trouble with merging two event logs while saving the results to a .csv file RRS feed

  • Question

  • I've been trying to retrieve the newest 20 entries in both the Application and Security event logs and then merge the two results together in a new .csv file. 
    • Moved by Bill_Stewart Friday, March 9, 2018 7:42 PM This is not "scripts on demand"
    Sunday, December 10, 2017 2:51 AM

All replies

  • Can you post your code along with the errors your are getting?

    \_(ツ)_/

    Sunday, December 10, 2017 2:54 AM
  • Get-WinEvent -LogName Application,Security -MaxEvents 20 | Export-Csv log.csv

    \_(ツ)_/


    • Proposed as answer by BOfH-666 Sunday, December 10, 2017 3:22 AM
    • Edited by jrv Sunday, December 10, 2017 3:33 AM
    Sunday, December 10, 2017 2:56 AM
  • yeah so basically i tried putting this in as my script.

    Get-EventLog -LogName Application,Security -Newest 20 | Export-Csv test.csv

    and i got and error saying  

    Get-EventLog : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'LogName'. 
    Specified method is not supported.
    At line:1 char:23
    + Get-EventLog -LogName Application,Security -Newest 20 | Export-Csv te ...
    +                       ~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-EventLog], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.PowerShell.Commands.GetEventLogCommand

    Sunday, December 10, 2017 3:22 AM
  • Get-Eventlog is obsolete.  We don't use in for systems post-Vista.


    \_(ツ)_/

    Sunday, December 10, 2017 3:23 AM
  • oh thanks for the information. ok so i tried it with get-winevent instead of get-eventlog

    and the error now says

    Get-WinEvent : A parameter cannot be found that matches parameter name 'Newest'.
    At line:1 char:44
    + Get-WinEvent -LogName Application,Security -Newest 20 | Export-Csv te ...
    +                                            ~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-WinEvent], ParameterBindingException
        + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.GetWinEventCommand

    Sunday, December 10, 2017 3:27 AM
  • Please use the code I posted.  If you keep changing things for no reason we cannot help you.


    \_(ツ)_/

    Sunday, December 10, 2017 3:29 AM
  • ok i tried the one given still no success
    Sunday, December 10, 2017 3:30 AM
  • Get-WinEvent : A positional parameter cannot be found that accepts argument '20'.
    At line:1 char:1
    + Get-WinEvent -LogName Application,Security-MaxEvents 20 | Export-Csv  ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-WinEvent], ParameterBindingException
        + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.GetWinEventCommand
    Sunday, December 10, 2017 3:31 AM
  • What does no success mean?

    Get-WinEvent -LogName Application,Security -MaxEvents 20 | Export-Csv log.csv


    \_(ツ)_/


    • Edited by jrv Sunday, December 10, 2017 3:33 AM
    Sunday, December 10, 2017 3:33 AM
  • it means your script you suggested failed to do anything.
    • Proposed as answer by jrv Sunday, December 10, 2017 3:40 AM
    Sunday, December 10, 2017 3:39 AM
  • It woks fine for the rest of use.  Did you look in the CSV file?


    \_(ツ)_/

    Sunday, December 10, 2017 3:40 AM
  • Im trying to create a script that will retrieve the last 20 entries in the Application and Security event logs. The log entries should be merged and saved in a single .csv file named RecentLogsExtract.csv when run.
    • Edited by forexams1 Sunday, December 10, 2017 2:25 PM
    • Merged by Bill_Stewart Monday, December 11, 2017 1:48 PM Duplicate
    Sunday, December 10, 2017 2:23 PM
  • please share your script so we can help.

    You can use -Append parameter for saving Events in a single CVS file or you can add two Variables having different logs.

    Sunday, December 10, 2017 2:32 PM
  • so basically like this?

    "get-eventlog -logname "application","security"

    and then what next?

    Sunday, December 10, 2017 2:37 PM
  • First thing, you cannot provide 2 log Name for this Cmdlet to run. It will give you error.

    PS F:\> help get-eventlog -Parameter logname
    
    -LogName <String>
        Specifies the event log.  Enter the log name (the value of the Log property; not the LogDisplayName) of one event
        log. Wildcard characters are not permitted. This parameter is required.
    
        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?       false
        Accept wildcard characters?  false
    

    Script you are looking for is

    Get-Eventlog -logname Application -Newest 20 | export-csv C:\eventlogs.csv -Notypeinformation -Append
    
    Get-Eventlog -logname Security -Newest 20 | export-csv C:\eventlogs.csv -Notypeinformation -Append
    
    

    You will get the result in Eventlog.csv saved in C drive.

    Please do not Forget to Mark AS Answer if it answer your query

    Sunday, December 10, 2017 2:50 PM
  • thank you so much. It saved the information onto the C drive as expected. I only have one other question. How do i get the information of the both event logs to show up in powershell after the script runs?
    Sunday, December 10, 2017 4:14 PM
  • Again - this gets the same results:

    Get-WinEvent -LogName Application,Security -MaxEvents 20 | Export-Csv log.csv

    The OP has trouble copying code and running it due to no knowledge of PowerShell.

    To get exactly 20 from each:

    $results = Get-WinEvent -LogName Application-MaxEvents 20
    $results +=
    Get-WinEvent -LogName Security -MaxEvents 20
    $results
     | Export-Csv log.csv

    Don't use Get-EventLog as it does not know how to correctly read the new even log format.


    \_(ツ)_/




    • Edited by jrv Sunday, December 10, 2017 7:16 PM
    Sunday, December 10, 2017 7:13 PM