Powershell Get-Eventlog Get-Process and Stop-Process commands

Table of Contents

Get-EventLog

We use PowerShell to parse your Server’s/computers event logs using the Get-EventLog cmdlet. There are several parameters available. Use the -Log switch followed by the name of the log file to view a specific log.

For example we can use the following command to view the Application log:

Get-EventLog -Log "Application"

Few options we have with Get-Eventlog options

-Verbose
-Debug
-ErrorAction
-ErrorVariable
-WarningAction
-WarningVariable
-OutBuffer
-OutVariable

Get-WinEvent with filter for event id

PowerShell’s Get-WinEvent cmdlet is a powerful method to filter Windows event and diagnostic logs. Performance improves when a Get-WinEvent is used with filters like =FilterHashtable with logname and event id. We can also use start and end time to filter out by date.

Examples for Get-WinEvent

PS C:\> Get-WinEvent -FilterHashtable @{logname=’application’; id=4107}

>PS C:\> Get-WinEvent -FilterHashtable @{logname=’application’; id=4107; StartTime=(Get-Date).date}

PS C:\> Get-WinEvent -FilterHashtable @{logname=’application’; id=4107; StartTime=”5/01/21″}

PS C:\> Get-WinEvent -FilterHashtable @{logname=’application’;id=4107;StartTime=”5/01/21″;EndTime=”1/01/22″}

Get-Eventlog vs Get-WinEvent

Get-WinEvent is more useful when it comes to the amount of data it can access. Although Get-EventLog is a “legacy cmdlet,” it still works like a charm in most diagnostic cases. It also has one clear advantage: you can use the -After and –Before attributes to filter results by date.

Get-Process

We can use PowerShell to parse your Server’s/computers like getting a list of available services, it’s often useful to be able to get a quick list of all the currently running processes. The Get-Process command puts this information at your fingertips.

Stop-Process

We can use Stop-Process to stop processes that are frozen or is no longer responding. If you’re not sure what process is holding you up, use Get-Process to quickly identify the problematic process. Once you have the name or process ID, use Stop-Process to terminate it.

Examples for Stop-Process:

Stop-Process -processname notepad

We can use PowerShell with wildcard characters too, below example will terminate all instances of Notepad as well as any other processes beginning with note:
Stop-Process -processname note*

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.