http://www.sqlservercentral.com/blogs/joewebb/2011/02/07/using-powershell-to-search-the-event-log/

Printed 2014/09/21 08:29AM

Using PowerShell To Search The Event Log

By Joe Webb, 2011/02/07

The “30-minute DBA” was operating in a highly effective mode. He’d automated most everything that could be automated. The first half hour of each day was spent reviewing the automated reports that landed in his inbox over night, taking actions as necessary. That’s why he’s paid the big bucks and gets to spend the balance of his time playing and learning.

“I’m convinced that he actually works 30 minutes a day and the rest of his time is spent playing around with cool SQL Server things in his test lab.” That’s what another DBA told me about the 30-Minute DBA.

Searching The Event Logs

There are a lot of options for automation. PowerShell has become one of my favorites. For example, PowerShell can be used to peek into the Windows Event Log, searching for anything of interest to you. I’ve already written about one way to sift through the events; now I’ll share a few more options.

To examine the Application Event Log, invoke the following cmdlet in PowerShell

Get-EventLog Application;

You can narrow the results to only those entries that are of type Error using the EntryType parameter.

Get-EventLog Application -EntryType Error;

You can further limit the results by looking at only the past 24 hours.

Get-EventLog Application -EntryType Error -After (Get-Date).AddDays(-1);

Using the Message parameter, you can search for specific words or phrases in the error message.

Get-EventLog Application -Message "*failed*";

If a specific event becomes a sporadic problem, you can search for the event using the Where functionality.

Get-EventLog Application | where {$_.EventId -eq 1309} | Format-Table -autosize;

Using these techniques, you can easily set up your own automated Event Log review process and insert the results into an email, a spreadsheet , or a database table for review.

Question:


Filed under: Administration, Operating Systems, PowerShell, SQLServerPedia Syndication

Copyright © 2002-2014 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.