Powershell cmdlets can help you filter event logs within a date range. For this, we need to have a start date and an end date for the logs. We also need the name of the logs that we want to filter. These could be System, Security, or Application event logs.
Below, we will look at the process of filtering event logs within a date range using Powershell.
Find System logs between a date range in Powershell
Let us consider the case of finding event logs from the system logs for the last week in Powershell. We will consider a start date for the logs as 23rd December 2022 and an end date of 29th December 2022.
For filtering the system logs, we will assign two variables to store the start and end dates. Once the variables are assigned, we will use the Get-Eventlog cmdlet and filter the system logs out of all the available logs.
The commands that you can use to filter the system logs for the last week from Powershell are given below. You can change the start and end dates to run this on your system for filtering logs within a specific date range.
$date1=Get-Date -Date ’12/23/2022 08:00:00′
$date2=Get-Date -Date ’12/29/2022 17:00:00′
Get-EventLog -LogName System -EntryType Error -After $date1 -Before $date2
We are filtering the errors from the System log. If desired, you could replace the entry type to fetch information or warnings from the system logs.
The result of this command is displayed below in the screenshot.
For the purpose of the screenshot, we have truncated the logs. But, the command is a good way to filter the system logs within a date range.
Find application logs within a date range in Powershell
In the example below, we will filter the application logs from the events log within a date range. As discussed above, we will assign a start date and an end date to filter the application logs.
The exact command to filter the application logs between the start and the end date is shared below:
$date1=Get-Date -Date ’12/23/2022 08:00:00′
$date2=Get-Date -Date ’12/29/2022 17:00:00′
Get-EventLog -LogName application -EntryType Error -After $date1 -Before $date2
The output of this command is shared below in the screenshot.
We got only 2 events in the application logs during the last week from the events log. You can pick the event index and fetch more information for the errors using another set of Powershell commands.
We have filtered these logs on the basis of entry types that correspond to errors. You could replace the entry type to get warnings or information as well.
Find security logs within a date range in Powershell
Similar to the process elaborated above, we can also filter the security logs from a computer in Powershell for a specified date range. We will assign the start and end date for the security logs and use the commands below to fetch the security logs for the specific date range of one week.
The security logs contain audit success and audit failure messages. So, we will filter the security logs based on the audit failures.
$date1=Get-Date -Date ’12/23/2022 08:00:00′
$date2=Get-Date -Date ’12/29/2022 17:00:00′
Get-EventLog -LogName security -EntryType FailureAudit -After $date1 -Before $date2
The output of this command is displayed below in a condensed screenshot.
Summary
In this Powershell tutorial, we have seen how to fetch logs from the system log, security log, and application logs. You could replace the start date and end date in Powershell and fetch the logs for the specified date range.
Suggested Powershell Tutorials
You may like to read more Powershell tutorials for Windows computers given below.
- How to find CPU utilization using Powershell
- How to find free disk space in Powershell?
- How to find Windows Update history using Powershell?
- How to concatenate strings in Powershell?
- How to read a text file using Powershell?
- How to find TPM version of a computer using Powershell?
- Check TPM on Windows computer using Powershell
- Use Powershell to find all files over a certain size
- How to kill a process in Powershell on Windows computers?
- Battery report of Windows computer using Powershell
- How to find MAC address in Powershell?
- How to find network adapter details in Powershell?
Rajesh Dhawan is a technology professional who loves to write about Cyber-security events and stories, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.