Hope you all are doing fine. I have a question: I want to find a specific event ID in a log that is archived, but there are so many of them that I want to go through each one of them.
I have found a site on how you can do that, http://blog.microsoftme.com/2014/05/09/powershell-parsing-of-archived-event-logs/ but the output I get is "Parsing C:\logs.evtx".
This is the code:
```powershell
Get-ChildItem -include *Sec*.evtx -Path x:\loggingarchive\ -recurse |
ForEach-Object {"Parsing $($_.fullname)`r`n"
    Try {
        $TotalSearch+=Get-WinEvent -FilterHashtable @{
            Path=$_.fullname
            Id=4738;
            StartTime= 10/11/2020
            EndTime= 4/10/2022
        } -EA Stop
        $TotalSearch+=Get-WinEvent -FilterHashtable @{
            Path=$_.fullname
            Id=5139;
            StartTime= 10/11/2020
            EndTime=4/10/2021
        } -EA Stop
    } Catch [System.Exception] {"Done"}} > C:\Users\user\Documents\logs.txt
```
What am I doing wrong here? Instead of getting the events, I get the output as noted above.
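
An added example, not part of the original post: one way to run this search so that the matching events, rather than only the progress lines, reach the output file. The archive path, event IDs and date strings come from the post; the single time window for both IDs, the month/day/year reading of the dates and the CSV output path are assumptions.

```powershell
# Added example. Archive path, event IDs and date strings come from the post;
# the shared time window and the CSV output path are assumptions.
$archive = 'x:\loggingarchive\'
$ids     = 4738, 5139

# Quoted and cast: a [datetime] cast parses with the invariant culture
# (month/day/year). Unquoted, 10/11/2020 is arithmetic: 10 / 11 / 2020.
$start = [datetime]'10/11/2020'
$end   = [datetime]'4/10/2022'

$results = foreach ($file in Get-ChildItem -Path $archive -Include *Sec*.evtx -Recurse) {
    # Progress goes to the verbose stream so it never mixes with the events.
    Write-Verbose "Parsing $($file.FullName)" -Verbose
    try {
        # One query per file; Id accepts an array of event IDs.
        # The events are emitted to the pipeline and collected in $results.
        Get-WinEvent -FilterHashtable @{
            Path      = $file.FullName
            Id        = $ids
            StartTime = $start
            EndTime   = $end
        } -ErrorAction Stop
    }
    catch {
        # Get-WinEvent raises an error when a file holds no matching events.
        # Skip those files quietly and surface every other failure.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
        Write-Warning "Failed on $($file.FullName): $($_.Exception.Message)"
    }
}

# Write the collected events, not the progress text, to the output file.
$results |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, MachineName,
        @{ Name = 'File'; Expression = { $_.ContainerLog } }, Message |
    Export-Csv -Path C:\Users\user\Documents\logs.csv -NoTypeInformation
```

Because a file with no matches only triggers `continue`, one empty archive does not stop the remaining files from being searched, and real errors such as an unreadable .evtx show up as warnings.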