Monday, April 23, 2018

The Big Picture (PowerShell log-spanning event script)

4/23/2018: This is a quick 1-liner script for pulling all event log events over a specific time span, across multiple logs. It gives you the 'high-view' timeline of the sequence of events when you're trying to correlate that odd issue to a root cause.

Sure, you can check each constituent log (System, Application, and a Crimson/App log) one by one, and mentally compare the time sequence across the logs.

But the handy bit of this chunk of code is that it quickly & neatly pulls all of the events together into one csv, sorted into time sequence, ready for quick review: pop the csv open, and you can directly see the events that occurred just ahead of your app's issues, and possibly spot the OS/System-level item that was the actual root of the problem. :)

  • Note: The underlying Get-WinEvent cmdlet requires PowerShell v2+.
  • Set the $tlogs variable to an array of the logs you want collected (System, Application & 'Lync Server' log in the example).
  • Set the $fltEvt hash's StartTime & EndTime to the time interval you want to examine (e.g. just before your app symptom appeared, and just after it ended).
  • If you want to run the command remotely (rather than collecting logs from the local box), update $tSrvr to specify the name of the remote server you want checked.
  • The script will aggregate the spec'd log events together, sort them on 'TimeCreated', and output them to a csv file with the name pattern:
 C:\scripts\logs\ComboEvts-[log names]-Server-[server name]-SPAN-yyyyMMdd-HHmmtt-TO-yyyyMMdd-HHmmtt.csv
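
The steps in the list above, written out as an added example (this is not the author's original script). The names $tlogs, $fltEvt and $tSrvr and the output file pattern follow the post; the time window, the selected columns and the per-log loop are assumptions.

```powershell
# Added example, not the post's original one-liner.
$tlogs  = @('System', 'Application', 'Lync Server')   # logs to merge
$tSrvr  = $env:COMPUTERNAME                            # or the name of a remote server
$outDir = 'C:\scripts\logs'

# Constructed sample window: just before the symptom appeared to just after it ended
$fltEvt = @{
    StartTime = [datetime]'2018-04-23 09:00'
    EndTime   = [datetime]'2018-04-23 09:30'
}

if (-not (Test-Path $outDir)) { New-Item -ItemType Directory -Path $outDir | Out-Null }

# Build the file name from the pattern given in the post
$stamp = 'yyyyMMdd-HHmmtt'
$ofile = Join-Path $outDir ('ComboEvts-{0}-Server-{1}-SPAN-{2}-TO-{3}.csv' -f
    (($tlogs -join '-') -replace '[^\w-]', ''),
    $tSrvr,
    $fltEvt.StartTime.ToString($stamp),
    $fltEvt.EndTime.ToString($stamp))

# Query each log separately: Get-WinEvent reports an error when a log is missing
# or has no events in the window, and that should not discard the other logs.
$evts = @(foreach ($log in $tlogs) {
    $flt = $fltEvt.Clone()
    $flt.LogName = $log
    try {
        Get-WinEvent -ComputerName $tSrvr -FilterHashtable $flt -ErrorAction Stop
    } catch {
        Write-Warning ("{0} on {1}: {2}" -f $log, $tSrvr, $_.Exception.Message)
    }
})

# One merged timeline, oldest event first
$evts | Sort-Object TimeCreated |
    Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, MachineName, Message |
    Export-Csv -Path $ofile -NoTypeInformation

Write-Host ("{0} events written to {1}" -f $evts.Count, $ofile)
```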

Here's the powershell 1-liner
