Often, you might want to browse all system events around a given date. Let's say a machine crashed at 08:47, and you'd like to see all events +/? 2 minutes around that time.
Here is a script that does It for you: | $deltaminutes = 2 | | $delta = New-TimeSpan -Minutes $deltaminutes | | | | $time = Read-Host -Prompt 'Enter time of event (yyyy-MM-dd HH:mm:ss or HH:mm)' | | | | $datetime = Get-Date -Date $time | | $start = $datetime - $delta | | $end = $datetime + $delta | | | | $result = @(Get-EventLog -LogName System -Before $end -After $start) | | $result += Get-EventLog -LogName Application -Before $end -After $start | | | | $result | Sort-Object -Property TimeGenerated -Descending | | | Out-GridView -Title "Events +/? $deltaminutes minutes around $datetime"COPY |
When you run it, it asks for a time or a date and time. Next, you get back all events that occurred within 2 minutes before and after in the system and application log.
http://powershell.com/cs/blogs/tips/archive/2014/03/09/finding-events-around-a-date.aspx | 
发表于 2014-3-12 15:15
|