How to find the properties of an event log in PowerShell?

PowerShell can help you collect information about a specific event from the event log. The event log could be the System, Application, or Security log.

We will talk about collecting the properties of a specific event. For this example, we will consider an event with an event ID of 19. This event ID corresponds to the successful installation of Windows Updates on a Windows computer.

The commands below use the System log as an example. However, you can use the same commands for other event logs.

Find properties of an event from the System log in PowerShell

For the event ID of 19, we will use the commands below. This is a two-step process. First, we create a variable that holds the newest log entry with that event ID. Then we use this variable to get the properties of the event.

$event1 = Get-EventLog -LogName System -InstanceId 19 -Newest 1
$event1 | Select-Object -Property *

In the commands above, the newest log entry for instance ID 19 is stored in the variable $event1. The variable is then piped to the Select-Object cmdlet, which displays all the properties of the event.

The result is the full set of property details for the event, in our case the event with ID 19.

This makes the commands very useful for hunting down specific events in the event logs. The output of the commands above is shown in the screenshot below. You can see that the complete description and details of event ID 19 are listed in the output.

Properties of an event from the event log using PowerShell.

You can use these commands to get the property information for any other event ID. The approach is quick and simple, and lets system administrators hunt down detailed information about any specific event.
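The same lookup can be done for several recent events at once, with the event's payload fields broken out from its XML. This is an added example, not code from the original article; it uses Get-WinEvent (also available in PowerShell 7, where Get-EventLog is not), and the function name Get-EventDetail is hypothetical.

```powershell
# Added example (not from the original article). Get-EventDetail is a hypothetical name.
function Get-EventDetail {
    param(
        [string]$LogName   = 'System',
        [int]   $EventId   = 19,
        [int]   $MaxEvents = 5
    )

    # The hashtable filter is applied when the log is queried, not afterwards in the pipeline
    $filter = @{ LogName = $LogName; Id = $EventId }

    # Get-WinEvent writes an error when nothing matches; treat that as "no results"
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    if (-not $events) {
        Write-Warning "No events with ID $EventId found in the $LogName log."
        return
    }

    foreach ($evt in $events) {
        $row = [ordered]@{
            TimeCreated = $evt.TimeCreated
            Provider    = $evt.ProviderName
            Id          = $evt.Id
            RecordId    = $evt.RecordId
            Computer    = $evt.MachineName
            Message     = $evt.Message
        }

        # Each <Data> element in the event XML is one field of the event payload
        $xml = [xml]$evt.ToXml()
        $i = 0
        foreach ($d in $xml.GetElementsByTagName('Data')) {
            $name = $d.GetAttribute('Name')
            # Unnamed fields get a positional key instead
            $key = if ($name) { "Data_$name" } else { "Data$i" }
            $row[$key] = $d.InnerText
            $i++
        }

        [pscustomobject]$row
    }
}

# Same event the article uses: ID 19 in the System log
Get-EventDetail -LogName System -EventId 19 -MaxEvents 3 | Format-List
```

Because each event comes back as an object with one property per field, the output can be piped to Where-Object or Export-Csv instead of Format-List when you need to filter or keep the results.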

Summary

In this PowerShell tutorial, we have seen how to store the log entry for a specific event in a variable. The variable can then be piped to the Select-Object cmdlet to display all of its properties.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.