< Back
Get-LogInsightEvent
Post
NAME Get-LogInsightEvent
SYNOPSIS
Retrieve Events from the Log INsight server
SYNTAX
Get-LogInsightEvent [-Constraint <String[]>] -Event <SwitchParameter> [-Limit <Int32>] [-Timeout <Int32>] [-Raw
<SwitchParameter>] [<CommonParameters>]
Get-LogInsightEvent [-Constraint <String[]>] -Aggregate <SwitchParameter> [-Limit <Int32>] [-Timeout <Int32>]
[-BinWidth <Int32>] [-Function <String>] [-Raw <SwitchParameter>] [<CommonParameters>]
DESCRIPTION
The cmdlet uses the Log Insight Query API to retrieve events from the Log Insight server.
The cmdlet can retrieve actual 'events' or 'aggregated events', also called 'bins'.
PARAMETERS
-Constraint [<String[]>]
An array with constraints.
A constraint is a condition to which the returned events have to comply.
See Get-LogInsightConstraint
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Event [<SwitchParameter>]
A switch that indicates that Events shall be returned.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Limit [<Int32>]
The maximum number of events or aggregated events that can be returned.
For events (Event) the maximum is 20000.
For aggregated events (Aggregate) the maximum is 2000
Required? false
Position? named
Default value 100 events
Accept pipeline input? false
Accept wildcard characters? false
-Timeout [<Int32>]
A timeout, in milliseconds, for the query.
If the query didn't complete within the timeout interval, the returned object's Complete property will be
$false.
Required? false
Position? named
Default value 30 seconds
Accept pipeline input? false
Accept wildcard characters? false
-Raw [<SwitchParameter>]
Hidden switch for debugging purposes.
If this switch is set, all DateTime values in the returned objects will be in the JSON DateTime format (Unix
Epoch).
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Aggregate [<SwitchParameter>]
A switch that indicates that aggregated events, also called bins, will be returned.
When aggregated events are selected, additional aggregate related parameters are available.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-BinWidth [<Int32>]
The time interval for a bin.
By default aggregated events are collected in 5 second intervals.
Required? false
Position? named
Default value 5000
Accept pipeline input? false
Accept wildcard characters? false
-Function [<String>]
A function that will be applied to the aggregated events.
The available functions are
COUNT: The count of the events in each bin is returned
SAMPLE: An arbitrary event from each bin is returned
UCOUNT: The count of unique values in the bin
MIN: The minimum value in the bin
MAX: The maximum value in the bin
SUM: The sum of the values in the bin
STDEV: The standard deviation of the values in the bin
VARIANCE: The variance of the values in the bin
Required? false
Position? named
Default value COUNT
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.Object
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-LogInsightEvent -Event
This will return 100 events from the last minute
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-LogInsightEvent -Aggregate -Function SAMPLE -BinWidth 60000
Returns aggregated events in bins.
Each bin has a 60 second width, and for each bin there will a random sample event included
RELATED LINKS
SYNOPSIS
Retrieve Events from the Log INsight server
SYNTAX
Get-LogInsightEvent [-Constraint <String[]>] -Event <SwitchParameter> [-Limit <Int32>] [-Timeout <Int32>] [-Raw
<SwitchParameter>] [<CommonParameters>]
Get-LogInsightEvent [-Constraint <String[]>] -Aggregate <SwitchParameter> [-Limit <Int32>] [-Timeout <Int32>]
[-BinWidth <Int32>] [-Function <String>] [-Raw <SwitchParameter>] [<CommonParameters>]
DESCRIPTION
The cmdlet uses the Log Insight Query API to retrieve events from the Log Insight server.
The cmdlet can retrieve actual 'events' or 'aggregated events', also called 'bins'.
PARAMETERS
-Constraint [<String[]>]
An array with constraints.
A constraint is a condition to which the returned events have to comply.
See Get-LogInsightConstraint
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Event [<SwitchParameter>]
A switch that indicates that Events shall be returned.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Limit [<Int32>]
The maximum number of events or aggregated events that can be returned.
For events (Event) the maximum is 20000.
For aggregated events (Aggregate) the maximum is 2000
Required? false
Position? named
Default value 100 events
Accept pipeline input? false
Accept wildcard characters? false
-Timeout [<Int32>]
A timeout, in milliseconds, for the query.
If the query didn't complete within the timeout interval, the returned object's Complete property will be
$false.
Required? false
Position? named
Default value 30 seconds
Accept pipeline input? false
Accept wildcard characters? false
-Raw [<SwitchParameter>]
Hidden switch for debugging purposes.
If this switch is set, all DateTime values in the returned objects will be in the JSON DateTime format (Unix
Epoch).
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Aggregate [<SwitchParameter>]
A switch that indicates that aggregated events, also called bins, will be returned.
When aggregated events are selected, additional aggregate related parameters are available.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-BinWidth [<Int32>]
The time interval for a bin.
By default aggregated events are collected in 5 second intervals.
Required? false
Position? named
Default value 5000
Accept pipeline input? false
Accept wildcard characters? false
-Function [<String>]
A function that will be applied to the aggregated events.
The available functions are
COUNT: The count of the events in each bin is returned
SAMPLE: An arbitrary event from each bin is returned
UCOUNT: The count of unique values in the bin
MIN: The minimum value in the bin
MAX: The maximum value in the bin
SUM: The sum of the values in the bin
STDEV: The standard deviation of the values in the bin
VARIANCE: The variance of the values in the bin
Required? false
Position? named
Default value COUNT
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
OUTPUTS
System.Object
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-LogInsightEvent -Event
This will return 100 events from the last minute
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-LogInsightEvent -Aggregate -Function SAMPLE -BinWidth 60000
Returns aggregated events in bins.
Each bin has a 60 second width, and for each bin there will a random sample event included
RELATED LINKS