在交互模式下,这有效:
Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error
现在我想过滤掉某些消息,以下没有过滤出想要的单词:
Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error | where-object {$_.$Message -notlike "*Monitis*"}
另外,如何在 where 对象上添加多个条件?
在我的脚本中,我在 -and 语句上遇到错误:
$getEventLog = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error
# list of events to exclude
$getEventLogFiltered = $getEventLog | where-object {$_.Message -notlike "Monitis*"
-and $_.Message -notlike "*MQQueueDepthMonitor.exe*"
}
$tableFragment = $getEventLogFiltered | ConvertTo-Html -fragment
错误:
-and : The term '-and' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At D:\scripts\EventLogExtract2.ps1:24 char:40
+ -and $_.Message -notlike "*MQQueueDepthMo ...
+ ~~~~
最佳答案
在第二个代码片段中,删除“消息”之前的美元符号。读起来像下面这样。如果您使用 PowerShell ISE,您会看到“消息”应为黑色而不是红色。
Get-Eventlog -log application -after ((get-date).addMinutes(-360)) -EntryType Error | where-object {$_.Message -notlike "*Monitis*"}
对于第三个代码片段,我放置了 grave accent在Where-Object 过滤器中开始换行之前。这告诉 PowerShell 您正在继续一行而不是开始新一行。此外,在 PowerShell ISE 中,比较运算符(与 & 不同)从蓝色和黑色变为灰色。
$getEventLog = Get-Eventlog -log application -after ((get-date).addMinutes($minutes*-1)) -EntryType Error
# list of events to exclude
$getEventLogFiltered = $getEventLog | where-object {$_.Message -notlike "Monitis*" `
-and $_.Message -notlike "*MQQueueDepthMonitor.exe*"
}
$tableFragment = $getEventLogFiltered | ConvertTo-Html -fragment
关于windows - 如何设置 Powershell where-object 来过滤 EventLog,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17195184/