< Back
ConvertFrom-EventLogRecord
Post
NAME ConvertFrom-EventLogRecord
SYNOPSIS
This function converts EventLogRecords into human readable output.
SYNTAX
ConvertFrom-EventLogRecord [-Events] <EventLogRecord[]> [[-EventRecordType] {PrintDocument | SystemRestartEvent |
LogonFailureEvent | OSVersionFromEvent | RemoteLogonEvent | ServiceEvent | GPOProcessingEvent | KMSClientEvent |
KMSHostEvent | KMSHostLicenseCheckEvent}] [[-GroupPolicy] <Object[]>] [<CommonParameters>]
DESCRIPTION
This function converts EventLogRecords into human readable output.
PARAMETERS
-EventRecordType <String>
Specifies the event record type which, in turn, determines the custom type and therefore the default
properties of the output.
Required? false
Position? 1
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Events <EventLogRecord[]>
One or more EventLogRecord objects.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-GroupPolicy <Object[]>
Provide the function all group policy objects in order to have the friendly name presented in the event
output. Usually, this can be set to 'Get-GPO -All'.
Required? false
Position? 2
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.Diagnostics.Eventing.Reader.EventLogRecord[]
OUTPUTS
System.Object
NOTES
-------------------------- Example 1 --------------------------
PS C:\\> Get-WinEvent -LogName System -MaxEvents 5 | ConvertFrom-EventLogRecord
-------------------------- Example 2 --------------------------
PS C:\\> Get-WinEvent FilterHashTable = @{ProviderName = "Service Control Manager"} -MaxEvents 5 |
ConvertFrom-EventLogRecord -EventRecordType ServiceEvent
RELATED LINKS
Online Version: https://powershell.anovelidea.org/modul ... ecord.html
SYNOPSIS
This function converts EventLogRecords into human readable output.
SYNTAX
ConvertFrom-EventLogRecord [-Events] <EventLogRecord[]> [[-EventRecordType] {PrintDocument | SystemRestartEvent |
LogonFailureEvent | OSVersionFromEvent | RemoteLogonEvent | ServiceEvent | GPOProcessingEvent | KMSClientEvent |
KMSHostEvent | KMSHostLicenseCheckEvent}] [[-GroupPolicy] <Object[]>] [<CommonParameters>]
DESCRIPTION
This function converts EventLogRecords into human readable output.
PARAMETERS
-EventRecordType <String>
Specifies the event record type which, in turn, determines the custom type and therefore the default
properties of the output.
Required? false
Position? 1
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Events <EventLogRecord[]>
One or more EventLogRecord objects.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-GroupPolicy <Object[]>
Provide the function all group policy objects in order to have the friendly name presented in the event
output. Usually, this can be set to 'Get-GPO -All'.
Required? false
Position? 2
Default value None
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
System.Diagnostics.Eventing.Reader.EventLogRecord[]
OUTPUTS
System.Object
NOTES
-------------------------- Example 1 --------------------------
PS C:\\> Get-WinEvent -LogName System -MaxEvents 5 | ConvertFrom-EventLogRecord
-------------------------- Example 2 --------------------------
PS C:\\> Get-WinEvent FilterHashTable = @{ProviderName = "Service Control Manager"} -MaxEvents 5 |
ConvertFrom-EventLogRecord -EventRecordType ServiceEvent
RELATED LINKS
Online Version: https://powershell.anovelidea.org/modul ... ecord.html