
–A–

–B–

–C–

–D–

–E–

eventID, find specific

Get-EventLog -LogName "Application" -After (Get-Date -Date '7/28/2018') | where {($_.EventID -eq 1000) -or ($_.EventID -eq 1026) -or ($_.EventID -eq 1325)}

–F–

–G–

–H–

–I–

–J–

–K–

–L–

log types, see list of all the different

Get-WinEvent -ListLog *

or perhaps all the different available logs that actually have something potentially useful in them

Get-WinEvent -ListLog * | ? {$_.RecordCount -gt 0} | sort RecordCount -Descending

–M–

–N–

–O–

OS update fails

$query = @"
<QueryList>
  <Query Id="0" Path="System">
    <Select Path="System">*[System[Provider
        [@Name='Microsoft-Windows-WindowsUpdateClient']
        and (Level=2) and Task = 1
        and (band(Keywords,8200))]]</Select>
  </Query>
</QueryList>
"@
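# Run the XML query; without this step $systemEvents is never populated
$systemEvents = Get-WinEvent -FilterXml ([xml]$query)
# Print each matching event
foreach ($systemEvent in $systemEvents)
{
  $systemEvent
}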

The "Level=2" condition selects failures (Level 2 is Error).

This is a simplified version of what I couldn't get to work here

–Q–

–R–

–S–

Security log failures

This finds all audit failures. I cap it at the most recent 2000 so it won’t take forever. To get more detail on “Replacement Strings”, concatenate them (separating with “;”). If you don’t, the array elements won’t show up in the .csv file properly.

Get-Eventlog -LogName security -Newest 2000 | where {($_.EntryType -eq 'FailureAudit') } | Select-Object index, TimeGenerated, InstanceID, message, @{L='ReplacementStrings'; E = { $_.ReplacementStrings -join ";"}} | Export-Csv C:\Users\user\Documents\SecurityLogAuditFailures.csv

This doesn’t filter on any EventIDs (“InstanceID”), so it might return a whole bunch of EventID 5157 (DNS). To focus on some other EventIDs:

Get-Eventlog -LogName security -Newest 200000 | where {($_.EntryType -eq 'FailureAudit') -and (($_.InstanceID -eq 4625) -or ($_.InstanceID -eq 4656))} | Select-Object index, TimeGenerated, message, @{L='GUID'; E={$_.ReplacementStrings[0]}}, @{L='name'; E={$_.ReplacementStrings[1]}}, @{L='domain'; E={$_.ReplacementStrings[2]}}, @{L='someHexValue'; E={$_.ReplacementStrings[3]}}, @{L='someOtherGUID'; E={$_.ReplacementStrings[4]}} | Export-Csv C:\Users\user\Documents\SecurityLogAuditFailures2.csv
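
An added example, not from the original page: the same audit-failure export done with Get-WinEvent, reading each event's XML so the columns carry the real field names instead of guessed ReplacementStrings positions. The function name, the sample event values and the output path are assumptions; the live part needs an elevated prompt.

```powershell
# Turn one event's XML into an object with a column per named <Data> field.
function ConvertFrom-EventXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $e   = ([xml]$Xml).Event
        $row = [ordered]@{
            TimeCreated = $e.System['TimeCreated'].GetAttribute('SystemTime')
            EventId     = [int]$e.System['EventID'].InnerText
            RecordId    = [long]$e.System['EventRecordID'].InnerText
        }
        # Each <Data Name="..."> element becomes its own column.
        foreach ($d in $e.EventData.Data) { $row[$d.Name] = $d.InnerText }
        [pscustomobject]$row
    }
}

# Constructed sample 4625 event (values are made up) so the function can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4625</EventID>
    <TimeCreated SystemTime="2018-07-28T10:15:00.000Z" />
    <EventRecordID>12345</EventRecordID>
  </System>
  <EventData>
    <Data Name="TargetUserName">alice</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-EventXml | Format-List

# Live use: audit failures for 4625 and 4656, filtered by the log service rather than by Where-Object.
# One CSV per event ID, because the two IDs carry different fields and
# Export-Csv takes its columns from the first row only.
$filter = @{ LogName = 'Security'; Id = 4625, 4656; Keywords = 4503599627370496 }  # Audit Failure keyword
Get-WinEvent -FilterHashtable $filter -MaxEvents 2000 -ErrorAction SilentlyContinue |
    ForEach-Object { $_.ToXml() | ConvertFrom-EventXml } |
    Group-Object EventId |
    ForEach-Object {
        $path = Join-Path $env:TEMP "AuditFailures_$($_.Name).csv"   # hypothetical output path
        $_.Group | Export-Csv -Path $path -NoTypeInformation
    }
```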

–T–

–U–

–W–

–X–

–Y–

–Z–