Powershell Syntax

Get-EventLog [-LogName] <String> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject] [-Before <DateTime>] [-ComputerName <String[]>] [-EntryType {Error | Information | FailureAudit | SuccessAudit | Warning}] [-Index <Int32[]>] [-Message <String>] [-Newest <Int32>] [-Source <String[]>] [-UserName <String[]>]
[<CommonParameters>]
Get-EventLog [-AsString] [-ComputerName <String[]>] [-List] [<CommonParameters>]
  • There are two possible combinations of parameters you can’t mix between them, some commands may have more than 2 sets.
  • Anything in square brackets is optional.
  • If you omit optional parameter names then they MUST be provided in the correct order! (e.g. ‘Get-EventLog Security 10’ is shorthand for  ‘Get-EventLog -LogName Security -InstanceID 10’. ‘Get-EventLog 10 Security’ will not work as there is no Event Log called 10).
[-LogName] <String>
  • The log name is not optional as its not in square brackets but actually writing the word LogName is!
[[-InstanceId] <Int64[]>]
  • Instance ID is optional (the whole thing is in square brackets
  • Writing ‘-InstanceID’ is optional
  • InstanceID expects a 64-bit integer (-9223372036854775808 to 9223372036854775807) and the additional square brackets indicate it will accept and array or list of them
[-List]
  • This is a switch, essentially a parameter without a value
[<CommonParameters>]
  • These are a bunch of parameters available to ALL commands

Leave a Reply

Your email address will not be published. Required fields are marked *