4/23/2018: This is a quick 1-liner script aimed at pulling all eventlog events over a specific time span, across multiple logs. Gives you the 'high-view' timeline of the sequence of events, when you're trying to correlate that odd issue to a root cause.Sure you can check each constituent log - System, Application, and a Crimson/App-log one by one, and mentally compare the time sequence across the logs.
But the handy bit to this chunk of code is that it quickly & neatly pulls all of the events together into one csv, sorted into time sequence, ready for quick review: Pop the Csv open, and you can directly see the events that occurred just ahead of your app's issues - possibly spot the OS/System-level item that actually was the actual root of the problem. :)
Usage:
- Note: The underlying Get-WinEvent cmdlet requires Powershell v2+.
- Set the $tlogs variable to an array of the logs you want collected (System, Application & 'Lync Server' log in the example).
- Set the $fltEvt hash's StartTime & EndTime to the time interval you want to examine (e.g. just before your app symptom appeared, and just after it ended).
- If you want to run the command remotely (rather than collecting logs from the local box), update $tSrvr to specify the name of the remote server you want checked.
- The script will aggregqate the spec'd log events together, sort them on 'TimeCreated', and output them to a csv file with the name pattern:
Here's the powershell 1-liner
And the current revision can always be found at Github/Gist: get-MultiLogTimelineToCsv.ps1
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.