Monitoring The forwardedEvents windows log

Question

I am trying to debug an issue where forwarded windows events are picked up using a splunk forwarder but are taking up to thirty minutes to get through the system.

I can generate a unique event and want to determine when it hits the forwarded event log. I can run get-winevent and look for it that way, but the event file is so big that it can take a real long time to parse. What I would like is someway to watch the event log stream waiting for my input.

Any ideas?

Answer 1

Perhaps not quite what You need, however:

    #function fun {
    $s = { 


    $now = Get-Date
    $yesterday = $now.AddDays(-1)

    $rh = Read-Host "Today -- Yesterday"
    if ($rh -like "Today") {

    Get-WinEvent -LogName "System" | ? {$_.TimeCreated.ToString().Split(" ")[0] -like $now.ToString().Split(" ")[0] } 
    $rerun = read-host "Rerun Script?"
    if ($rerun -eq "Y"){&$s}
    }

    if ($rh -like "Yesterday") {

    Get-WinEvent -LogName "System" | ? {$_.TimeCreated.ToString().Split(" ")[0] -like $yesterday.ToString().Split(" ")[0] } 
$rerun = read-host "Rerun Script?"    
if ($rerun -eq "Y"){&$s}
    }

    else {}
    }
    &$s
    #}fun

If You press Y after "Rerun Script?" programm will be returned to start