Who Should Read This: DBAs or system engineers who want to gather event log information after any important release.
This post walks through gathering that information step by step.
Scenario 1: DBA needs to gather the eventlog for the last 24 hours on one particular server.
# Name of the server to query (replace "servername" with the real server name). It is also used in the output file names.
$server = "servername"
# Declare a date variable initialized to the time 24 hours ago.
$dt1 = ((Get-Date).AddHours(-24))
# Delete the log files created by the previous run. "-ErrorAction Silentlycontinue" suppresses the error when the files don't exist.
del "D:\EventLog\BEServers\Application\Application_$server.txt" -ErrorAction Silentlycontinue
del "D:\EventLog\BEServers\System\System_$server.txt" -ErrorAction Silentlycontinue
# The following script gathers the "Error" entries from the Application and System event logs of the server.
get-eventlog application -computername $server -after $dt1 -EntryType "Error" -ErrorAction Silentlycontinue | Format-list | out-file "D:\EventLog\BEServers\Application\Application_$server.txt" -append
get-eventlog system -computername $server -after $dt1 -EntryType "Error" -ErrorAction Silentlycontinue | Format-list | out-file "D:\EventLog\BEServers\System\System_$server.txt" -append
Scenario 2: DBA needs to gather the eventlog between two specific dates on one particular server.
# Name of the server to query (replace "servername" with the real server name). It is also used in the output file names.
$server = "servername"
# Declare two date variables initialized to the start and end of the period for which the DBA needs to capture the eventlog.
$dt1 = ((Get-Date).AddHours(-240))
$dt2 = ((Get-Date).AddHours(-220))
# Delete the log files created by the previous run. "-ErrorAction Silentlycontinue" suppresses the error when the files don't exist.
del "D:\EventLog\BEServers\Application\Application_$server.txt" -ErrorAction Silentlycontinue
del "D:\EventLog\BEServers\System\System_$server.txt" -ErrorAction Silentlycontinue
# The following script gathers the "Error" entries from the Application and System event logs of the server.
get-eventlog application -computername $server -after $dt1 -before $dt2 -EntryType "Error" -ErrorAction Silentlycontinue | Format-list | out-file "D:\EventLog\BEServers\Application\Application_$server.txt" -append
get-eventlog system -computername $server -after $dt1 -before $dt2 -EntryType "Error" -ErrorAction Silentlycontinue | Format-list | out-file "D:\EventLog\BEServers\System\System_$server.txt" -append
Scenario 3: DBA needs to gather the eventlog between two specific dates on a list of servers.
# Read the server list (one server name per line) into the variable $coreservers.
$coreservers = GET-CONTENT "D:\EventLog\serverlist_BE.txt"
# Declare two date variables initialized to the start and end of the period for which the DBA needs to capture the eventlog.
$dt1 = ((Get-Date).AddHours(-240))
$dt2 = ((Get-Date).AddHours(-220))
foreach($server in $coreservers)
{
# Delete the log files created by the previous run. "-ErrorAction Silentlycontinue" suppresses the error when the files don't exist.
del "D:\EventLog\BEServers\Application\Application_$server.txt" -ErrorAction Silentlycontinue
del "D:\EventLog\BEServers\System\System_$server.txt" -ErrorAction Silentlycontinue
# The following script gathers the "Error" entries from the Application and System event logs of the server.
get-eventlog application -computername $server -after $dt1 -before $dt2 -EntryType "Error" -ErrorAction Silentlycontinue | Format-list | out-file "D:\EventLog\BEServers\Application\Application_$server.txt" -append
get-eventlog system -computername $server -after $dt1 -before $dt2 -EntryType "Error" -ErrorAction Silentlycontinue | Format-list | out-file "D:\EventLog\BEServers\System\System_$server.txt" -append
}
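A variant of Scenario 3, added here as an example and not part of the original post: with "-ErrorAction Silentlycontinue" on the query itself, a server that is unreachable or denies access produces the same empty file as a server with no errors, so this version records which case occurred. It uses Get-WinEvent (Get-EventLog is not available in PowerShell 6 and later); the CSV output and the CollectionStatus.txt file name are assumptions, while the folder layout and time window are the ones used above.

```powershell
# Added example: Scenario 3 rewritten with Get-WinEvent and per-server status logging.
# Skip blank lines in the server list so they are not treated as server names.
$coreservers = Get-Content "D:\EventLog\serverlist_BE.txt" | Where-Object { $_.Trim() }
$dt1 = (Get-Date).AddHours(-240)
$dt2 = (Get-Date).AddHours(-220)
$outDir    = "D:\EventLog\BEServers"                      # same root folder as above
$statusLog = Join-Path $outDir "CollectionStatus.txt"     # assumed file name
Remove-Item $statusLog -ErrorAction SilentlyContinue

foreach ($server in $coreservers) {
    foreach ($log in "Application", "System") {
        $outFile = Join-Path $outDir "$log\${log}_$server.csv"
        Remove-Item $outFile -ErrorAction SilentlyContinue

        # Level 2 = Error. The filter is evaluated by the event log service on
        # the target server, so only matching records cross the network.
        $filter = @{ LogName = $log; Level = 2; StartTime = $dt1; EndTime = $dt2 }
        try {
            Get-WinEvent -ComputerName $server -FilterHashtable $filter -ErrorAction Stop |
                Select-Object TimeCreated, MachineName, ProviderName, Id, UserId, Message |
                Export-Csv -Path $outFile -NoTypeInformation
            $status = "collected"
        }
        catch {
            if ($_.FullyQualifiedErrorId -like "NoMatchingEventsFound*") {
                # The server answered; there were simply no Error events in the window.
                $status = "no Error events in window"
            }
            else {
                # Unreachable host, access denied, firewall, bad log name, etc.
                $status = "COLLECTION FAILED: $($_.Exception.Message)"
            }
        }
        "$(Get-Date -Format s) $server $log : $status" | Out-File $statusLog -Append
    }
}
```

After a run, any line containing COLLECTION FAILED in CollectionStatus.txt marks a server whose missing output file must not be read as "no errors".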
Scenario 4: DBA needs to identify only the count of Errors for each user
get-eventlog -log system -EntryType "Error" | group-object -property username -noelement | format-table Count, Name -auto
Scenario 5: DBA needs to identify the count of Errors, Information entries and Warnings
get-eventlog -log system | group-object -property entrytype -noelement | format-table Count, Name -auto