PowerShell

We can use the Get-WinEvent cmdlet to gather DSC events: query each DSC channel, store the events in an array, and then use the Group-Object cmdlet to arrange them by the ID property:

# Collect all logs from all channels
$dscEvents = @(
    Get-WinEvent "Microsoft-Windows-DSC/Operational"
    Get-WinEvent "Microsoft-Windows-DSC/Analytic" -Oldest
    Get-WinEvent "Microsoft-Windows-DSC/Debug" -Oldest
)

If you are wondering whether you can skip the -Oldest parameter with the Analytic and Debug logs, you can't. Trying it produces the following error:

[PS]> Get-WinEvent "Microsoft-Windows-Dsc/Analytic"
Get-WinEvent : The Microsoft-Windows-DSC/Analytic event log can be read only in the forward chronological order
because it is an analytical or a debug log. To see events from the Microsoft-Windows-DSC/Analytic event log, use the
Oldest parameter in the command.
At line:1 char:1
+ Get-WinEvent "Microsoft-Windows-Dsc/Analytic"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (Microsoft-Windows-DSC/Analytic:String) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : SpecifyOldestForLog,
Microsoft.PowerShell.Commands.GetWinEventCommand

Further querying can be performed on the resulting data by sorting and grouping the result objects:

# Group all logs based on the job ID
$operations = $dscEvents | Group-Object {$_.Properties[0].value}

For example, you can find the operations that logged events with the Error severity level by filtering on LevelDisplayName:

$operations | Where-Object {$_.Group.LevelDisplayName -contains "Error"}

Or, you could examine the message from a single event:

$operations[0].Group.Message

Or, you could find all events from a specific job ID:

($operations | Where-Object {$_.Name -eq 2025}).Group
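
The queries above can be combined into one summary per job ID. The following is an added example, not code from the book: the function name Get-DscOperationSummary and its output property names are hypothetical, and it assumes, as the grouping above does, that the first event property holds the job ID. It also handles a disabled or empty Analytic or Debug channel, which makes Get-WinEvent raise an error.

```powershell
# Added example: one summary row per DSC job ID, failed jobs first.
function Get-DscOperationSummary {
    [CmdletBinding()]
    param(
        # Channel names as used on this page
        [string[]]$Channel = @(
            'Microsoft-Windows-DSC/Operational',
            'Microsoft-Windows-DSC/Analytic',
            'Microsoft-Windows-DSC/Debug'
        )
    )

    $events = foreach ($name in $Channel) {
        try {
            # -Oldest is required for Analytic/Debug and is also accepted for Operational
            Get-WinEvent -LogName $name -Oldest -ErrorAction Stop
        }
        catch {
            # A disabled or empty channel raises an error; report it and keep going
            Write-Warning "Skipping ${name}: $($_.Exception.Message)"
        }
    }

    $events |
        Where-Object { $_.Properties.Count -gt 0 } |   # drop events that carry no job ID
        Group-Object { $_.Properties[0].Value } |
        ForEach-Object {
            # @() keeps indexing safe when a job has a single event
            $ordered = @($_.Group | Sort-Object TimeCreated)
            [pscustomobject]@{
                JobId      = $_.Name
                Start      = $ordered[0].TimeCreated
                End        = $ordered[-1].TimeCreated
                EventCount = $_.Count
                ErrorCount = @($_.Group | Where-Object LevelDisplayName -eq 'Error').Count
                Channels   = ($_.Group.LogName | Sort-Object -Unique) -join ', '
            }
        } |
        Sort-Object @{ Expression = 'ErrorCount'; Descending = $true },
                    @{ Expression = 'Start'; Descending = $true }
}

Get-DscOperationSummary | Format-Table -AutoSize
```

Run it from an elevated session on the node being diagnosed; a JobId from the output can then be used in the Where-Object query shown above to pull the full event group.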