Get/List all windows event log events in the last n minutes in powershell
After I encounter an error or issue, I'd like to quickly review events for the last several minutes to see if there is any helpful information. The trouble is, I don't know which particular log might have the events I'm looking for so I want to just show ALL of them. I want to use powershell because opening event viewer and creating a filter takes too long and the faster I can copy and paste a command into powershell, the fewer events I'll have to sift through. I don't want to have to note the exact time the event would have taken place, just a relative time.
I know how to get events from a single windows event log for the last n minutes, for example Get-EventLog -LogName System -After (Get-Date).AddMinutes(-10) | Format-Table -AutoSize -Wrap, but as the documentation says:
-LogName
Specifies the name of one event log. To find the log names use Get-EventLog -List. Wildcard characters are not permitted. This parameter is required.
So my thought is that I could iterate through all log names, runnin EventLog on each of them and concatenating the results.
1 Answer
Here's a quick command which will iterate each log and show all events which occurred in the last ten minutes sorted by the time they occurred:
Get-EventLog -List `
| %{Get-EventLog -LogName $_.Log -After (Get-Date).AddMinutes(-10) -ErrorAction Ignore} `
| Sort-Object TimeGenerated | Format-Table -AutoSize -WrapOr the same thing in one line:
Get-EventLog -List | %{Get-EventLog -LogName $_.Log -After (Get-Date).AddMinutes(-10) -ErrorAction Ignore} | Sort-Object TimeGenerated | Format-Table -AutoSize -Wrap
