
Using PowerShell To Search The Event Log

The “30-minute DBA” was operating in a highly effective mode. He’d automated most everything that could be automated. The first half hour of each day was spent reviewing the automated reports that landed in his inbox overnight, taking actions as necessary. That’s why he’s paid the big bucks and gets to spend the balance of his time playing and learning.

“I’m convinced that he actually works 30 minutes a day and the rest of his time is spent playing around with cool SQL Server things in his test lab.” That’s what another DBA told me about the 30-Minute DBA.

Searching The Event Logs

There are a lot of options for automation. PowerShell has become one of my favorites. For example, PowerShell can be used to peek into the Windows Event Log, searching for anything of interest to you. I’ve already written about one way to sift through the events; now I’ll share a few more options.

To examine the Application Event Log, invoke the following cmdlet in PowerShell:

Get-EventLog Application;

You can narrow the results to only those entries that are of type Error using the EntryType parameter.

Get-EventLog Application -EntryType Error;

You can further limit the results by looking at only the past 24 hours.

Get-EventLog Application -EntryType Error -After (Get-Date).AddDays(-1);

Using the Message parameter, you can search for specific words or phrases in the error message.

Get-EventLog Application -Message "*failed*";

If a specific event becomes a sporadic problem, you can search for it by its event ID using the Where functionality (where is the alias for the Where-Object cmdlet).

Get-EventLog Application | where {$_.EventId -eq 1309} | Format-Table -autosize;

Using these techniques, you can easily set up your own automated Event Log review process and insert the results into an email, a spreadsheet, or a database table for review.
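
The review process described above, as an added example that is not from the original post: it pulls the last 24 hours of Error and Warning entries from the Application log, collapses repeats into one row per server, source and event ID, and writes a CSV for the spreadsheet option. It goes slightly beyond the post by including Warning entries and a server list; `$Servers`, `$ReportDir` and the output file name are assumptions.

```powershell
# Added example, not from the original post. Requires Windows PowerShell 3.0-5.1
# (Get-EventLog is not available in PowerShell 6 and later).
$Servers   = @($env:COMPUTERNAME)     # assumption: list the servers to review
$ReportDir = 'C:\Reports\EventLog'    # assumption: any writable folder
$Since     = (Get-Date).AddDays(-1)   # the same 24-hour window used above

if (-not (Test-Path $ReportDir)) {
    New-Item -ItemType Directory -Path $ReportDir | Out-Null
}

# Collect per server so one unreachable machine does not stop the whole run.
$events = foreach ($server in $Servers) {
    try {
        Get-EventLog -LogName Application -ComputerName $server `
            -EntryType Error, Warning -After $Since -ErrorAction Stop
    }
    catch {
        # Unreachable server or access denied; a query that matches nothing
        # may also surface here as an error.
        Write-Warning "Nothing collected from ${server}: $($_.Exception.Message)"
    }
}

# One row per server/source/event ID so repeated events do not bury rare ones.
$summary = @($events) |
    Group-Object MachineName, Source, EventID |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeGenerated -Descending |
            Select-Object -First 1
        [pscustomobject]@{
            Server   = $latest.MachineName
            Source   = $latest.Source
            EventID  = $latest.EventID
            Type     = $latest.EntryType
            Count    = $_.Count
            LastSeen = $latest.TimeGenerated
            Sample   = ($latest.Message -split '\r?\n')[0]
        }
    } | Sort-Object Count -Descending

if ($summary) {
    $file = Join-Path $ReportDir ('AppLog_{0:yyyyMMdd}.csv' -f (Get-Date))
    $summary | Export-Csv -Path $file -NoTypeInformation
    Write-Output "Wrote $(@($summary).Count) rows to $file"
}
else {
    Write-Output "No Error or Warning entries since $Since"
}
```

Run it from a scheduled task under an account that can read the event logs on every listed server; the Count and LastSeen columns show which events are recurring and which are new.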


  • What techniques are you using to automate your daily tasks?
  • What do you wish you could automate?

Filed under: Administration, Operating Systems, PowerShell, SQLServerPedia Syndication


Posted by Joie Andrew on 13 February 2011

Great post. I use get-eventlog on a daily basis in a never-ending loop to search for warning and error messages on our production servers in real-time and it works great. I would also suggest that if you have PowerShell 2.0 installed and are doing one-time searches, try piping your output to out-gridview. It makes working with events with large message sizes easier to view and copy.

I would also love to see a follow-up article on using get-winevent, as get-eventlog does not work on Vista/Win7/Win2k8/Win2k8R2 and is replaced by get-winevent. We are starting to finally migrate to a 2008 R2 environment and the cmdlet requirements look totally different.
