< Back
Get-LogInsightConstraint
Post
NAME Get-LogInsightConstraint
SYNOPSIS
Create a constraint
SYNTAX
Get-LogInsightConstraint [[-Field] <String>] [[-Operator] <String>] [[-Value] <PSObject>] [<CommonParameters>]
DESCRIPTION
Create a constraint that can be used on the Constraint parameter of the Get-LogInsightEvent cmdlet.
Constraints are basically filters that allow you to specify which events are returned.
If you specify multiple constraints, they are OR-ed together.
If you specify multiple constraints on the same field, those constraints are AND-ed together.
PARAMETERS
-Field [<String>]
This defines on which property of the event the constraint will be applied.
These fields can be:
text or timestamp
Any static field
A field defined in a content pack (see also ContentPack)
Required? false
Position? 0
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Operator [<String>]
The 'operation' that will be applied on the Field.
Operators can be numeric, string or DateTime operators, or a test for the existance of a spcific field.
Numeric operators can be applied to fields that contain numbers
The 'numeric' operators are
= the 'equals' operator
!= the 'not-equals' operator
< the 'less-than' operator
<= the 'less-than-or-equals' operator
> the 'larger-than' operator
>= the 'larger-than-or-equals' operator
String operators are case-insensitive filters that can be applied
to text fields
The 'string' operators are
CONTAINS checks if a text field contains a value
NOT_CONTAINS checks if a text field does not contain a value
HAS checks if a field contains every white-space delimited
token in the value
NOT_HAS checks if a text field does not contain all of the tokens in the value
MATCHES_REGEX checks if a text field matches a regular expression
NOT_MATCHES_REGEX checks if a text field does not match a regular expression
For a DateTime field the LAST operator selects a time range in milliseconds relative to the current time.
The test for the existance of a field uses the EXISTS operator. For this constraint there is no Value
parameter.
Required? false
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Value [<PSObject>]
The Value that is used to select the events.
This combines with the Field and Operator parameters.
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.Object
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-LogInsightConstraint -Field 'text' -Operator CONTAINS -Value 'error'
All events where the text field contains the text 'error'
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-LogInsightConstraint -Field 'timestamp' -Operator GE -Value (Get-Date).AddHours(-1)
Creates a constraint the says all events with a timestamp in the last hour
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>$constraint = (Get-LogInsightConstraint -Field 'timestamp' -Operator GE -Value $start),
(Get-LogInsightConstraint -Field 'timestamp' -Operator LT -Value $start.AddMinutes(10))
These constraints are for the same field, the constraints will be AND-ed together.
The combination of both will create a constraint that will collect events from the point in time in $start, and
that for an interval of 10 minutes.
RELATED LINKS
SYNOPSIS
Create a constraint
SYNTAX
Get-LogInsightConstraint [[-Field] <String>] [[-Operator] <String>] [[-Value] <PSObject>] [<CommonParameters>]
DESCRIPTION
Create a constraint that can be used on the Constraint parameter of the Get-LogInsightEvent cmdlet.
Constraints are basically filters that allow you to specify which events are returned.
If you specify multiple constraints, they are OR-ed together.
If you specify multiple constraints on the same field, those constraints are AND-ed together.
PARAMETERS
-Field [<String>]
This defines on which property of the event the constraint will be applied.
These fields can be:
text or timestamp
Any static field
A field defined in a content pack (see also ContentPack)
Required? false
Position? 0
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Operator [<String>]
The 'operation' that will be applied on the Field.
Operators can be numeric, string or DateTime operators, or a test for the existance of a spcific field.
Numeric operators can be applied to fields that contain numbers
The 'numeric' operators are
= the 'equals' operator
!= the 'not-equals' operator
< the 'less-than' operator
<= the 'less-than-or-equals' operator
> the 'larger-than' operator
>= the 'larger-than-or-equals' operator
String operators are case-insensitive filters that can be applied
to text fields
The 'string' operators are
CONTAINS checks if a text field contains a value
NOT_CONTAINS checks if a text field does not contain a value
HAS checks if a field contains every white-space delimited
token in the value
NOT_HAS checks if a text field does not contain all of the tokens in the value
MATCHES_REGEX checks if a text field matches a regular expression
NOT_MATCHES_REGEX checks if a text field does not match a regular expression
For a DateTime field the LAST operator selects a time range in milliseconds relative to the current time.
The test for the existance of a field uses the EXISTS operator. For this constraint there is no Value
parameter.
Required? false
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Value [<PSObject>]
The Value that is used to select the events.
This combines with the Field and Operator parameters.
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.Object
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-LogInsightConstraint -Field 'text' -Operator CONTAINS -Value 'error'
All events where the text field contains the text 'error'
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-LogInsightConstraint -Field 'timestamp' -Operator GE -Value (Get-Date).AddHours(-1)
Creates a constraint the says all events with a timestamp in the last hour
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>$constraint = (Get-LogInsightConstraint -Field 'timestamp' -Operator GE -Value $start),
(Get-LogInsightConstraint -Field 'timestamp' -Operator LT -Value $start.AddMinutes(10))
These constraints are for the same field, the constraints will be AND-ed together.
The combination of both will create a constraint that will collect events from the point in time in $start, and
that for an interval of 10 minutes.
RELATED LINKS