New-EventFilterXml
SYNOPSIS
Creates XML that can be used to query event logs using the Get-WinEvent cmdlet.
SYNTAX
TimeSpan (Default)
New-EventFilterXml -LogName <String> [-Provider <String>] [-EventId <String[]>] [-Since <TimeSpan>] [-EventDataFilter <String>] [-LevelDisplayName <LogLevelName[]>] [-Audit <String[]>] [-XPath] [<CommonParameters>]
TimeRange
New-EventFilterXml -LogName <String> [-Provider <String>] [-EventId <String[]>] [-StartTime <DateTime>] [-EndTime <DateTime>] [-EventDataFilter <String>] [-LevelDisplayName <LogLevelName[]>] [-Audit <String[]>] [-XPath] [<CommonParameters>]
DESCRIPTION
Creates XML that can be used to query event logs using the Get-WinEvent cmdlet.
EXAMPLES
Example 1
PS C:\> New-EventFilterXml -LogName Application -Provider MyEventSource -Since (New-TimeSpan -Days 3) -LevelDisplayName Critical,Error
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[Provider[@Name="MyEventSource"] and (Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) <= 259200000]]]</Select>
  </Query>
</QueryList>
Creates an XML filter that queries the Application event log for all Critical and Error events from the MyEventSource provider in the last 3 days.
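One way to pass the generated filter to Get-WinEvent and summarize failed logons, as an added example that is not part of the module's own documentation. It assumes the module exporting New-EventFilterXml is imported and the session is elevated; event ID 4625 and its TargetUserName, IpAddress and LogonType fields are standard Windows failed-logon data, not values from this page.

```powershell
# Added example, not from the module's documentation.
# Assumes New-EventFilterXml is available in the session and that the
# session is elevated (reading the Security log requires it).

# Failed logons (event ID 4625) from the last 24 hours. 4625 is always an
# audit failure; -Audit Failure is included to show the parameter in use.
$filterXml = New-EventFilterXml -LogName Security -EventId 4625 -Audit Failure -Since (New-TimeSpan -Hours 24)

# Get-WinEvent -FilterXml takes an XmlDocument. The [xml] cast fails early
# if the filter is not well-formed XML.
try {
    $events = Get-WinEvent -FilterXml ([xml]$filterXml) -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error when no event matches; treat it as empty.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

# Pull the named EventData fields out of each record.
$failed = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Account     = $data['TargetUserName']
        SourceIp    = $data['IpAddress']
        LogonType   = $data['LogonType']
    }
}

# Most frequent account / source address pairs first.
$failed |
    Group-Object -Property Account, SourceIp |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name -First 10
```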
PARAMETERS
-Audit
Specifies the audit level for the Security log to add to the XML filter.
Type: String[]
Parameter Sets: (All)
Aliases:
Accepted values: Success, Failure
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-EndTime
Specifies the end of the time period to add to the XML filter.
Type: DateTime
Parameter Sets: TimeRange
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-EventDataFilter
Specifies a string data filter generated by the New-EventDataFilter function.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-EventId
Specifies one or more event IDs to add to the XML filter.
Type: String[]
Parameter Sets: (All)
Aliases: Id
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-LevelDisplayName
Specifies one or more event log levels to add to the XML filter.
Type: LogLevelName[]
Parameter Sets: (All)
Aliases: Level
Accepted values: LogAlways, Critical, Error, Warning, Informational, Verbose, Issues
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-LogName
Specifies the event log name to add to the XML filter.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Provider
Specifies the event provider, sometimes called event source, to add to the XML filter.
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Since
Specifies the beginning of the time period for the event log query based on the given amount of time.
Type: TimeSpan
Parameter Sets: TimeSpan
Aliases: TimeSpan
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-StartTime
Specifies the beginning of the time period to add to the XML filter.
Type: DateTime
Parameter Sets: TimeRange
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-XPath
Return only an XPath filter.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.