by Arround The Web

A Complete Guide to Using the Get-WinEvent PowerShell Cmdlet

The “Get-WinEvent” cmdlet in PowerShell is used to get event logs. It also gets event tracing log files on remote and local computers. More specifically, it only gets the system and application logs. The cmdlet relies on the “Windows Event Log” technology to get the logs. It also retrieves the lists of event log providers and event logs.

In this article, the cmdlet “Get-WinEvent” will be elaborated on.


As described in the above section, the stated cmdlet is responsible for getting event logs of the system and application. Examples explaining the stated cmdlet are mentioned below.

Example 1: Use the “Get-WinEvent” Cmdlet to Get All the Logs From a Local Computer

This example will retrieve the list of all the logs from a local computer:

Get-WinEvent -ListLog *

Example 2: Use the “Get-WinEvent” Cmdlet to Get the Setup List Log

This example will display the list of setup logs:

Get-WinEvent -ListLog Setup | Format-List -Property *

In the above code snippet:

  • First, write the “Get-WinEvent” cmdlet followed by the “-ListLog” parameter having the “Setup” value assigned.
  • Then, add the “|” pipeline followed by the “Format-List” cmdlet.
  • Lastly, assign the “-Property” parameter and add the “*” wildcard to select all the properties.

Example 3: Use the “Get-WinEvent” Cmdlet to Get the Event Logs Providers and Log Names

In this illustration, the event log providers and the log names will be retrieved by adding the “-ListProvider” parameter along with the “Get-WinEvent” cmdlet and the “*” wildcard:

Get-WinEvent -ListProvider *

Example 4: Use the “Get-WinEvent” Cmdlet to Get the Log Providers That Write to a Specific Log

This demonstration will get the list of the log providers that write to the “Application” log by executing the given code:

(Get-WinEvent -ListLog Application).ProviderNames

Example 5: Use the “Get-WinEvent” Cmdlet to Get the Event Provider Logs That Contain a Specific String

In this example, the event providers whose names contain a specific string will be retrieved. To do so, wrap the string in “*” wildcards and pass it to the “-ListProvider” parameter of the “Get-WinEvent” cmdlet:

Get-WinEvent -ListProvider *Policy*

Example 6: Use the “Get-WinEvent” Cmdlet to Get the Event Logs From a Server

This example will get the logs from a server:

Get-WinEvent -ListLog * -ComputerName localhost | Where-Object {$_.RecordCount}

In this stated code above:

  • First, specify the “Get-WinEvent” cmdlet along with the “-ListLog” parameter and the wildcard “*”.
  • Then add the “-ComputerName” parameter having the value “localhost” assigned to it and add the “|” pipeline after it.
  • Lastly, define the “Where-Object” cmdlet with the mentioned condition, which keeps only the logs whose “RecordCount” is not empty or zero.
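
The following is an added example, not part of the original article: it combines the “-ListLog” properties shown in Example 2 with the “RecordCount” filter from Example 6 to report how full each non-empty log is and which retention mode it uses. The function name “Get-LogRetentionReport” and the 90 percent threshold are assumptions made for this illustration.

```powershell
# Added example: report retention settings for logs that actually hold events.
function Get-LogRetentionReport {
    [CmdletBinding()]
    param(
        [string]$ComputerName = 'localhost',   # same target as Example 6
        [ValidateRange(1, 100)]
        [int]$WarnPercent = 90                 # assumed threshold, adjust as needed
    )

    # Some logs cannot be read without elevation; skip them instead of aborting.
    $logs = Get-WinEvent -ListLog * -ComputerName $ComputerName -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount }

    foreach ($log in $logs) {
        # FileSize and MaximumSizeInBytes are both expressed in bytes.
        $pct = if ($log.MaximumSizeInBytes -gt 0) {
            [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
        } else { 0 }

        [pscustomobject]@{
            LogName     = $log.LogName
            Records     = $log.RecordCount
            LogMode     = $log.LogMode          # Circular, AutoBackup or Retain
            MaxSizeMB   = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
            PercentFull = $pct
            LastWrite   = $log.LastWriteTime
            # A full Circular log is overwriting its oldest events;
            # a full Retain log has stopped recording new ones.
            NeedsReview = ($log.IsLogFull -or $pct -ge $WarnPercent)
        }
    }
}

# Show the 15 fullest logs on the local computer.
Get-LogRetentionReport |
    Sort-Object PercentFull -Descending |
    Select-Object -First 15 |
    Format-Table -AutoSize
```

Run it from an elevated session to include logs such as “Security”, which are skipped when the caller lacks permission to read them.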

That was all about using the Get-WinEvent command in PowerShell.

Conclusion

The “Get-WinEvent” cmdlet gets the event tracing log files and event logs on the local and remote systems. Moreover, it also gets the list of event log providers and event logs. This article has explained the “Get-WinEvent” cmdlet with reference to several examples.


Source: linuxhint.com
