如何通过其InstanceID选择事件日志

Question

I would like to get all EventLog entries concerning the system and an error. And among those entries I want to select them by their specific InstanceID.

I am going with aa pipe where I slim down the filter but I don't know how to compare the InstanceID with the value of the InstanceID I want.

$sysLog = Get-EventLog -LogName System -EntryType Error |
          Where-Object{$_.InstanceId = 10016}

+ ... LogName System -EntryType Error | Where-Object{$_.InstanceId = 10016}
+                                                    ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation : (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException

Answer 1

i think that code work :

$sysLog = Get-EventLog -LogName System -EntryType Error |  Where-Object{$_.InstanceId -eq 10016}

$sysLog

see : https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_comparison_operators?view=powershell-6

EDIT example with export to log file :

Function WriteEventLogFile ([string] $pathToWriteLog, [string] $InstanceId){
    $sysLogItems = Get-EventLog -LogName System -EntryType Error | Where-Object {$_.InstanceId -eq $InstanceId}

    # write-host $sysLogItems

    $sysLogItems | Export-Csv -Path  $pathToWriteLog -NoTypeInformation
}

WriteEventLogFile -pathToWriteLog:"C:\Temp\envent_export.log" -InstanceId:"10016"