Filter SharePoint Event Log Entries

I’ve posted this under my 101 Uses for PowerShell , but I thought it was so helpful that it deserved it’s own post.

The script below uses PowerShell to get a collection of event entries from the “Application” Event Log.  It passes a wildcard filter for any source like  ‘*sharepoint*’ and returns the last 20 entries written to the event log. 

The cool thing is that these objects are piped to a gridview.  From there, I can apply additional filtering, like:  “Show me all events where ‘user’ is in the message.”

 

get-eventlog –logname Application –source ‘*sharepoint*’ –newest 20 | out-gridview

 

 

Wanna take your event log entries home with you?  Try this out:  instead of sending the entries through the pipeline to the gridview, send them to a CSV file:

get-eventlog –logname Application –source ‘*sharepoint*’  | export-csv c:\eventlog.csv