How to Review Logs using Windows PowerShell

Windows PowerShell is similar to a terminal on Linux systems. It is a proprietary Windows command-line shell that can be used for many purposes, including log review. Logs are critical for administrators to identify issues and troubleshoot machines, but it is difficult to pick out the relevant information from them. This blog shows how to review logs using Windows PowerShell.


(1) Display list of event logs

Get-EventLog -List

(2) Display only the 20 newest entries of the System log

Get-EventLog -LogName System -Newest 20

(3) Display only 10 entries of Security logs

Get-EventLog -Logname Security -Newest 10

(4) Display only 10 entries of OAlerts logs

Get-EventLog -Logname OAlerts -Newest 10

(5) Display only 5 entries of OAlerts logs where EntryType is Error

Get-EventLog -LogName OAlerts -Newest 5 -EntryType Error

(6) To filter based on date and time

Get-EventLog -LogName System -After ([datetime]'2021-01-01 10:00') -before ([datetime]'2021-12-08 10:00') 

(7) To filter and display only EntryType and InstanceId by piping (|) the results to Select-Object

Get-EventLog -LogName System -After ([datetime]'2021-01-01 10:00') -before ([datetime]'2021-12-08 10:00') | Select-Object EntryType, InstanceId

(8) Pipe the cmdlet to Get-Member to list the properties you can filter the results on

Get-EventLog -LogName Application -Newest 1 | Get-Member
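
The steps above can be combined into one triage helper. This is an added example, not code from the original post: it applies the date and EntryType filters from steps 5 and 6, then groups the results by Source and InstanceId so the noisiest events surface first. The function name Get-EventLogSummary and its parameter defaults are assumptions made for illustration, and it assumes Windows PowerShell 5.1, where Get-EventLog is available.

```powershell
# Added example. Get-EventLogSummary is a hypothetical helper name;
# Get-EventLog, Group-Object, Sort-Object and Select-Object are standard cmdlets.
function Get-EventLogSummary {
    [CmdletBinding()]
    param(
        [string]$LogName = 'System',
        [datetime]$After = (Get-Date).AddDays(-1),
        [datetime]$Before = (Get-Date),
        [ValidateSet('Error', 'Warning', 'Information', 'SuccessAudit', 'FailureAudit')]
        [string[]]$EntryType = @('Error', 'Warning'),
        [int]$Top = 10
    )

    try {
        # -ErrorAction Stop makes read failures catchable, for example the
        # Security log being opened from a non-elevated session.
        $entries = Get-EventLog -LogName $LogName -After $After -Before $Before `
            -EntryType $EntryType -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not read '$LogName': $($_.Exception.Message)"
        return
    }

    # Nothing matched the time window and entry types: return no rows.
    if (-not $entries) { return }

    $entries |
        Group-Object -Property Source, InstanceId |
        Sort-Object -Property Count -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            # @() keeps a single-entry group indexable as an array.
            $sorted = @($_.Group | Sort-Object -Property TimeGenerated)
            [pscustomobject]@{
                Count      = $_.Count
                Source     = $sorted[0].Source
                InstanceId = $sorted[0].InstanceId
                EntryType  = ($sorted.EntryType | Sort-Object -Unique) -join ','
                FirstSeen  = $sorted[0].TimeGenerated
                LastSeen   = $sorted[-1].TimeGenerated
                Sample     = ($sorted[-1].Message -split "`r?`n")[0]
            }
        }
}

# Most frequent errors and warnings in the System log over the last 7 days
Get-EventLogSummary -LogName System -After (Get-Date).AddDays(-7) | Format-Table -AutoSize
```

A high Count with a FirstSeen close to the start of the window usually points to a recurring condition, while a small Count with a recent FirstSeen is the kind of new event worth opening in full.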


This blog lists some commands that help you review logs in Windows PowerShell. Feel free to comment if you have any doubt about any of the scripts.


If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.
