
Powershell, -filterhashtable, and operators

I'm filtering event log entries using the "Get-Winevent" cmdlet. I want to get events whose levels are less than 4 (or where LevelName isn't "Informational").

I use the -filterhashtable flag to filter the events. But is there a way to do comparisons with filterhashtable? Or just put a "not"? Or does filterhashtable only accept "=" as an operator?

These two snippets work and get the same results:

where-object

$events = Get-WinEvent -computer ServerName -LogName System | Where-Object {$_.level -lt 4}

-filterhashtable

$events = Get-WinEvent -computer ServerName -FilterHashTable @{LogName = 'System'; Level = 1}
$events += Get-WinEvent -computer ServerName -FilterHashTable @{LogName = 'System'; Level = 2}
$events += Get-WinEvent -computer ServerName -FilterHashTable @{LogName = 'System'; Level = 3}

The second snippet runs much faster than the first snippet (2 minutes versus 16 seconds in one case). As I understand it, "where-object" has to wait until "Get-WinEvent" has gotten every event object (possibly thousands). Adding "-filterhashtable" causes the target system's event log to filter before it gives the event object to Get-WinEvent, which is much faster.

Can I combine the statements? These snippets don't work:

$events = Get-WinEvent -computer ServerName -FilterHashTable @{LogName = 'System'; Level < 4}
$events = Get-WinEvent -computer ServerName -FilterHashTable @{LogName = 'System'; Level != 2}

The "Level" property is type "int[32]" so a comparison operator should work. In fact, it does work with "where-object". But it doesn't work with the "-filterhashtable" flag. Is there no way to do that sort of comparison? Is "=" the only operator -filterhashtable accepts?

No dice on operators like that. The FilterXPath parameter supports that. However the help on the FilterHashtable parameter indicates it takes an array of int, so it would accept:

... -FilterHashtable @{LogName='System';Level=0,1,3}
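The two server-side options named in this answer, written out as an added example that is not part of the original post. The function name and its parameters are hypothetical, 'ServerName' is the placeholder host from the question, and the "no matching events" handling is an addition.

```powershell
# Added example. 'ServerName' is the placeholder host from the question;
# the function name and parameters are hypothetical.
function Get-EventBelowLevel {
    [CmdletBinding()]
    param(
        [string]$ComputerName = 'ServerName',
        [string]$LogName      = 'System',
        [ValidateRange(1, 5)]
        [int]$Level           = 4,      # return events with Level < this value
        [switch]$UseXPath
    )

    $common = @{ ComputerName = $ComputerName; ErrorAction = 'Stop' }

    if ($UseXPath) {
        # XPath form: the comparison operator lives inside the query string.
        $query = @{ LogName = $LogName; FilterXPath = "*[System[Level<$Level]]" }
    }
    else {
        # Hashtable form: no operators, but Level takes an int array,
        # so "less than N" becomes the list 0..(N-1) in a single call.
        $query = @{ FilterHashtable = @{ LogName = $LogName; Level = 0..($Level - 1) } }
    }

    try {
        Get-WinEvent @common @query
    }
    catch {
        # Get-WinEvent reports an empty result as an error; treat it as "no events".
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }
}

# Both calls filter on the target system before any objects are returned.
$viaHashtable = Get-EventBelowLevel -Level 4
$viaXPath     = Get-EventBelowLevel -Level 4 -UseXPath

# Quick comparison of what each query returned, broken down by severity.
$viaHashtable | Group-Object LevelDisplayName | Select-Object Count, Name
$viaXPath     | Group-Object LevelDisplayName | Select-Object Count, Name
```

Level 0 is included in the array because `Where-Object {$_.level -lt 4}` in the question would also match it.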

No, you can't. A hashtable is a collection of key = value pairs, so it won't allow relational operators.

Btw, in Powershell < is -lt and > is -gt.
