This project is read-only.

NAME
New-EventLogQuery

SYNOPSIS
Creates a new EventLogQuery object based on the information specified.

SYNTAX
New-EventLogQuery [-LogName] <String> [[-Query] <String>] [[-PathType] {LogName | FilePath}] [<CommonParameters>]


DESCRIPTION
The New-EventLogQuery function creates a new EventLogQuery object
[System.Diagnostics.Eventing.Reader.EventLogQuery] based on the information specified by the input parameters.
The resulting object can be used for creating an EventLogWatcher.


PARAMETERS
-LogName <String>
The name of the event log to query, or the path to the event log file to query.

Required? true
Position? 1
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters?

-Query <String>
The event query used to retrieve events that match the query conditions.

DEFAULT = "*"

Required? false
Position? 2
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters?

-PathType
Specifies whether the string used in the path parameter specifies the name of an event log, or the path to an
event log file.

DEFAULT = [System.Diagnostics.Eventing.Reader.PathType]::LogName

Required? false
Position? 3
Default value
Accept pipeline input? true (ByPropertyName)
Accept wildcard characters?

<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
"get-help about_commonparameters".


-------------------------- EXAMPLE 1 --------------------------

C:\PS>$EventLogQuery = New-EventLogQuery "Application"


Description
-----------
This example creates a EventLogQuery object for all events in the Application Log.





-------------------------- EXAMPLE 2 --------------------------

C:\PS>$EventLogQuery = New-EventLogQuery "Security" -query "*[System[(EventID=4740)]]"


Description
-----------
This example uses an XPATH query to create an EventLogQuery object for all events with Event ID 4740 from the
Security Log.





-------------------------- EXAMPLE 3 --------------------------

C:\PS>$EventLogQuery = New-EventLogQuery "ForwardedEvents"


Description
-----------
This example creates a EventLogQuery object for all events in the subscribed to in the ForwardedEvents Log.

Last edited Jun 15, 2011 at 10:28 PM by sgrinker, version 2

Comments

No comments yet.