Use PowerShell to filter event logs and export to CSV

Question

Use PowerShell to filter event logs and export to CSV

I have the following command that gives the information I need, but I need to filter it out a bit:

Get-EventLog -LogName Security -ErrorAction SilentlyContinue | Select TimeWritten, ReplacementStrings | Export-Csv output.csv

This gives a lot of entries, such as:

 09/11/2012 08:09:27 {S-1-5-18, SYSTEM, NT AUTHORITY, 0x3e7...}

I want to delete any entry in ReplacementStrings that starts with '{S-1-5, but my attempts to use Where-Object and -notlike have no meaning!

Another problem is that without adding Export-Csv output.csv it is displayed on the screen in order, but it is written to the file as follows:

 "09/11/2012 09:22:05","System.String[]"

+4

filter powershell csv event-log

neildeadman Nov 09 '12 at 9:31

source share

1 answer

Jackie · Accepted Answer · 2012-11-09T11:06:11+0000

 Get-EventLog -LogName Security -ErrorAction SilentlyContinue | Select TimeWritten, @{name='ReplacementStrings';Expression={ $_.ReplacementStrings -join ';'}} | where {$_.ReplacementStrings -notmatch '^S-1-5'} | Export-Csv output.csv

Use PowerShell to filter event logs and export to CSV

More articles: