Category filter
Script to fetch the recent error details on Windows
Windows event logs are detailed reports of the events that occur on the device, which are helpful to troubleshoot any issues that take place in the Windows system. Getting the most recent error details from the Windows event logs enables quick analysis to perform timely action. The error details, including the date and time of occurrence, the source of the error, and the detailed description, help administrators inspect them thoroughly. Using Execute Custom Script action, administrators can deploy the following scripts to retrieve the most recent error details on Windows devices.
The sample scripts provided below are adapted from third-party open-source sites.
PowerShell script
Retrieve the error details on Windows for the present day
|
1 2 3 4 5 6 7 8 9 10 |
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System','Application' Level = 2 StartTime = (Get-Date).Date } | Sort-Object TimeCreated -Descending if ($events) { $events | Select-Object TimeCreated, LevelDisplayName, ProviderName, ID, Message | Format-Table -AutoSize } else { Write-Host "No recent errors found." } |
The above script works in the following order,
- At first, it fetches all the event logs present on the device using the Get-WinEvent cmdlet.
- Later, it creates a hashtable and applies the following filters to it using –FilterHashtable.
- The filters applied are LogName (specifies which logs are searched for), Level (in this case, it is assigned ‘2’ which refers to ‘Error’), and StartTime (denotes the timeline to fetch the error logs, which is the present day).
- Then, it pipes the information in the hashtable and arranges the logs in chronological order.
- All these logs are then assigned to the variable ‘$events.’
- Resultantly, if the $events variable holds any information in it, then the output reads the following and writes it in a table format.
- TimeCreated – the time of entry of the error log.
- LevelDisplayName – type of log (‘Error’ in this case).
- ProviderName – Source from which the log is created.
- ID – Log identification number.
- Message – Detailed description of the error.
- If the $events variable reads no information, then the message “No recent errors found” message is displayed as output.
Retrieve the error details from Windows for the past ‘n’ number of days
|
1 2 3 4 5 6 7 8 9 10 |
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System','Application' Level = 2 StartTime = (Get-Date).AddDays(-’n’) } | Sort-Object TimeCreated -Descending if ($events) { $events | Select-Object TimeCreated, LevelDisplayName, ProviderName, ID, Message | Format-Table -AutoSize } else { Write-Host "No recent errors found." } |
The above script works in a similar manner to the previous one, except that this script can gather error details for the past ‘n’ number of days. The ‘n’ should be replaced by the number of days of error logs required.
For example: “StartTime = (Get-Date).AddDays(-7)”.
The script then returns the error details for the past seven days from the current day.
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
