Some background
I am encountering some crash and freeze issues I want to get a better handle on. For this, I want to investigate all available event & log information for a specific time period.
I have a very good handle on when something bad happened, but not why. So, for example, I would like to pull all potentially relevant information from a specific 15-minute period on a specific day, say "26-11-2021 15:00" to "26-11-2021 15:15".
I found it hard to use the built-in Windows Event Viewer to give me access to this information, as I couldn't figure out how to get information across all log files to show up in a compact way.
Then I learnt about PowerShell (started as admin) and the Get-WinEvent tool. However, I'm lost in the documentation and couldn't achieve my primary goal:
How can I create a 'filtered' text-file of all (relevant) log-entries from a specific time-period?
After quite some time of internet-browsing, I found a partial solution to my problem, copy-pasting some one-liner I found:
    Get-WinEvent -ListLog * | % {Get-WinEvent -FilterHashTable @{LogName=$_.LogName;StartTime="26-11-2021 15:00";EndTime="26-11-2021 15:15"; Level=(1,2,3) } -ea 0} | sort timecreated -des >> C:\temp\events.txt
This is helpful, but without understanding the syntax much, I've noticed two shortcomings:
I don't really seem to catch all entries. In particular, I know that in a specific period a system restart occurred and would show up in the Event Viewer as critical/error event:
But I can't find that in the generated text-output for the same period of time.
So this led me to believe that I still haven't found the best way to get what I want. Any help is highly appreciated.
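
The one-liner above, unrolled as an added example that is not part of the original post: the time window is passed as parsed DateTime values so it does not depend on the regional date format, errors other than "no matching events" are collected instead of being hidden by `-ea 0`, and the result is written as CSV so the full message text is kept. The output path and the variable names are assumptions.

```powershell
# Time window taken from the question; parsed explicitly as day-month-year.
$culture = [cultureinfo]::InvariantCulture
$start = [datetime]::ParseExact('26-11-2021 15:00', 'dd-MM-yyyy HH:mm', $culture)
$end   = [datetime]::ParseExact('26-11-2021 15:15', 'dd-MM-yyyy HH:mm', $culture)
$outFile = 'C:\temp\events.csv'   # assumed output path

# Logs that could not be queried (access denied, disabled log, ...) end up here.
$failed = [System.Collections.Generic.List[object]]::new()

$events = foreach ($log in Get-WinEvent -ListLog * -ErrorAction SilentlyContinue) {
    # Skip logs that are known to be empty; it saves a query per log.
    if ($log.RecordCount -eq 0) { continue }

    # Same filter as the one-liner: Critical (1), Error (2), Warning (3).
    $filter = @{
        LogName   = $log.LogName
        StartTime = $start
        EndTime   = $end
        Level     = 1, 2, 3
    }
    try {
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # "No events found" is expected for most logs; record anything else.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            $failed.Add([pscustomobject]@{
                Log   = $log.LogName
                Error = $_.Exception.Message
            })
        }
    }
}

# One row per event, newest first, with the untruncated message.
$events |
    Sort-Object TimeCreated -Descending |
    Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message |
    Export-Csv -Path $outFile -NoTypeInformation -Encoding UTF8

# Show which logs were skipped because of a real error.
$failed | Format-Table -AutoSize
```

Removing the `Level` key from `$filter` returns every event in the window, which makes it possible to compare the export against what Event Viewer shows for the same period.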