Gathering Recent Events for a Specific VM

Imagine this scenario: you login to one of your Hyper-V servers and find that something has gone wrong with a virtual machine.  Maybe the guest operating system is not responding, maybe it is running slower than expected, maybe something else has gone wrong.

As you are triaging the problem – you are likely to want to gather all the information you can about what has been happening with the virtual machine in question.  Luckily, this is quite easy to do with PowerShell.

In fact, you just need to run this code snippet:

$vmName = "File Server"
Get-WinEvent -FilterHashTable @{LogName ="Microsoft-Windows-Hyper-V*"; StartTime = (Get-Date).AddDays(-2)} | ?{( [xml]$_.toxml()).event.userdata.vmleventlog.vmname -eq $vmName}

And you will get results like this:
 
(sorry for the lack of results – I have not had any problems with my virtual machines lately!)

This works because Hyper-V tags each event log entry with the virtual machine name, and the Get-WinEvent Cmdlet allows you to look for this tag in the event log results.

Cheers,
Ben