How to find event logs within a date range in PowerShell?

PowerShell cmdlets can filter event logs within a date range. To do this, we need a start date and an end date, plus the name of the log we want to filter. This could be the System, Security, or Application event log.

Below, we will look at the process of filtering event logs within a date range using PowerShell.

Find System logs between a date range in PowerShell

Let us consider the case of finding events from the System log for the last week in PowerShell. We will use a start date of 23rd December 2022 and an end date of 29th December 2022.

To filter the System log, we will assign two variables to store the start and end dates. Once the variables are assigned, we will use the Get-EventLog cmdlet and select the System log out of all the available logs.

The commands that you can use to filter the System log for the last week from PowerShell are given below. You can change the start and end dates to filter logs within a different date range on your system.

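# Start and end of the date range
$date1 = Get-Date -Date '12/23/2022 08:00:00'
$date2 = Get-Date -Date '12/29/2022 17:00:00'
# Error entries from the System log written between the two dates
Get-EventLog -LogName System -EntryType Error -After $date1 -Before $date2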

We are filtering the errors from the System log. If desired, you could change the entry type to fetch information or warning entries from the System log instead.

The result of this command is displayed below in the screenshot.

System logs between start and end date in PowerShell.

For the purpose of the screenshot, we have truncated the logs. Even so, the command is a good way to filter the System log within a date range.

Find Application logs within a date range in PowerShell

In the example below, we will filter the Application log within a date range. As discussed above, we will assign a start date and an end date to filter the Application log.

The exact command to filter the application logs between the start and the end date is shared below:

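# Start and end of the date range
$date1 = Get-Date -Date '12/23/2022 08:00:00'
$date2 = Get-Date -Date '12/29/2022 17:00:00'
# Error entries from the Application log written between the two dates
Get-EventLog -LogName Application -EntryType Error -After $date1 -Before $date2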

The output of this command is shared below in the screenshot.

Get Application logs within a date range in PowerShell.

We got only 2 events in the Application log during the last week. You can pick the event index and fetch more information about the errors using another set of PowerShell commands.

We have filtered these logs on the basis of the entry type that corresponds to errors. You could change the entry type to get warnings or information as well.

Find Security logs within a date range in PowerShell

Similar to the process described above, we can also filter the Security log on a computer in PowerShell for a specified date range. We will assign the start and end dates and use the commands below to fetch the Security log entries for the specific date range of one week.

The security logs contain audit success and audit failure messages. So, we will filter the security logs based on the audit failures.

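# Start and end of the date range
$date1 = Get-Date -Date '12/23/2022 08:00:00'
$date2 = Get-Date -Date '12/29/2022 17:00:00'
# Audit failures from the Security log (reading this log requires an elevated session)
Get-EventLog -LogName Security -EntryType FailureAudit -After $date1 -Before $date2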

The output of this command is displayed below in a condensed screenshot.

Security logs within a date range in PowerShell.
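
The same audit-failure query can be turned into a per-event-ID summary for triage. The block below is an added example, not code from the original tutorial, and it goes beyond it by using Get-WinEvent, since Get-EventLog exists only in Windows PowerShell and not in PowerShell 6 and later. The function name Get-AuditFailureSummary is hypothetical, and the dates are the ones used above.

```powershell
# Added example: count Security-log audit failures per event ID in a date range.
# Run from an elevated session; reading the Security log requires it.
function Get-AuditFailureSummary {
    param(
        [Parameter(Mandatory)] [datetime] $Start,
        [Parameter(Mandatory)] [datetime] $End
    )
    if ($End -le $Start) { throw 'End must be later than Start.' }

    # The filter is evaluated by the event log service, so only matching
    # records are returned instead of the whole log being read and discarded.
    $filter = @{
        LogName   = 'Security'
        StartTime = $Start
        EndTime   = $End
        # StandardEventKeywords.AuditFailure (0x10000000000000)
        Keywords  = 4503599627370496
    }

    try {
        $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent reports an error when no event matches the filter;
        # treat that as an empty result and re-throw anything else.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    # One row per event ID: how often it occurred, and first/last occurrence.
    $events | Group-Object -Property Id | Sort-Object -Property Count -Descending |
        ForEach-Object {
            $times = @($_.Group.TimeCreated | Sort-Object)
            [pscustomobject]@{
                EventId = [int]$_.Name
                Count   = $_.Count
                First   = $times[0]
                Last    = $times[-1]
            }
        }
}

$date1 = Get-Date -Date '12/23/2022 08:00:00'
$date2 = Get-Date -Date '12/29/2022 17:00:00'
Get-AuditFailureSummary -Start $date1 -End $date2 | Format-Table -AutoSize
```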

Summary

In this PowerShell tutorial, we have seen how to fetch logs from the System, Security, and Application logs. You could replace the start date and end date in PowerShell and fetch the logs for the specified date range.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.