
PowerShell question with sorting and piping

Hello, I am using PowerShell version 5. I am running a command and it is working, but the narrowed search is not returning results.

Get-EventLog System -Newest 5 | where {$_.eventID -eq 1074}

So I thought, oh, I only want to see the last 5 objects that match my filter. It runs but returns no result, because in the event log there is no eventID 1074 in the last 5 entries. So I just need to move that parameter to the end. No luck.

Get-EventLog System | where {$_.eventID -eq 1074} | -newest 5

-newest : The term '-newest' is not recognized as the name of a cmdlet, function, script file, or operable program. Check 
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:53
+ Get-EventLog System | where {$_.eventID -eq 1074} | -newest 5
+                                                     ~~~~~~~
    + CategoryInfo          : ObjectNotFound: (-newest:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

So, positioning the -newest after the pipe moves the parameter into a position, I think, where it is not understood.

Anyone have some advice on how I can approach thinking about this that will help me out in the future?

To limit your filtered results to at most 5 events, you must use Select-Object -First 5 in a final pipeline segment:

Get-EventLog System | Where-Object { $_.eventID -eq 1074 } | Select-Object -First 5

-Newest <n> is a parameter that is specific to Get-EventLog, and it unconditionally returns the first <n> entries, irrespective of their content.

There is no common parameter across cmdlets that offers similar functionality, but there's the generic Select-Object cmdlet that allows selecting up to <n> objects from whatever its input is via -First <n>.
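An added example (not part of the original posts) showing why the position of the limit matters. It uses constructed records instead of a real event log; Get-SampleEvent and Test-PipelineOrder are hypothetical names. It also counts how many records the source emitted, since Select-Object -First stops the upstream command once it has enough objects (PowerShell 3 and later).

```powershell
# Constructed sample data: 200 fake "System log" records, newest first.
# Only every 12th record carries event ID 1074; nothing here reads a real log.
$script:Emitted = 0

function Get-SampleEvent {
    # Hypothetical stand-in for "Get-EventLog System"; streams one record at a time.
    param([int]$Count = 200)
    $now = Get-Date '2024-01-01T12:00:00'
    foreach ($i in 1..$Count) {
        $script:Emitted++          # count every record the source hands out
        [pscustomobject]@{
            Index         = $Count - $i + 1
            TimeGenerated = $now.AddMinutes(-$i)
            EventID       = if ($i % 12 -eq 0) { 1074 } else { 7036 }
        }
    }
}

function Test-PipelineOrder {
    # 1. Limit first, then filter: the shape of
    #    "Get-EventLog System -Newest 5 | where {...}".
    #    The five newest constructed records hold no 1074, so the filter sees none.
    $limitThenFilter = @(Get-SampleEvent |
        Select-Object -First 5 |
        Where-Object { $_.EventID -eq 1074 })

    # 2. Filter first, then limit: the form given in the answer above.
    $script:Emitted = 0
    $filterThenLimit = @(Get-SampleEvent |
        Where-Object { $_.EventID -eq 1074 } |
        Select-Object -First 5)
    $readForFive = $script:Emitted   # records read before the fifth match arrived

    [pscustomobject]@{
        LimitThenFilter = $limitThenFilter.Count
        FilterThenLimit = $filterThenLimit.Count
        RecordsRead     = $readForFive
        NewestMatch     = $filterThenLimit[0].TimeGenerated
    }
}

Test-PipelineOrder | Format-List
```

RecordsRead stays well below the 200 available records because the pipeline is stopped as soon as the fifth match has passed through Select-Object.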

here's a likely faster way to get the info you seem to want. it uses Get-WinEvent instead of Get-EventLog and also uses the -FilterHashtable parameter to let the event system do some of the filtering.

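#requires -RunAsAdministrator

# filter keys are evaluated by the event log service, not by the pipeline
$FilterHash = @{
    Logname = 'System'
    ID = 1074
    # only events from the last 20 days
    StartTime = (Get-Date).AddDays(-20)
    }
# return at most 20 matching events, newest first
Get-WinEvent -FilterHashtable $FilterHash -MaxEvents 20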

this is usually noticeably faster than using Get-EventLog. [grin]

here's an article on the ideas ...

Use FilterHashTable to Filter Event Log with PowerShell – Hey, Scripting Guy! Blog
https://blogs.technet.microsoft.com/heyscriptingguy/2014/06/03/use-filterhashtable-to-filter-event-log-with-powershell/
