≡ Menu

Powershell Query Application error events in windows 7

By this time I am sure you find Custom filters in Windows 7/2008 R2 event viewer very useful. They just displays the results what you need. If you want to get similar functionality with powershell, you can use Get-WinEvent Powershell cmdlet.

I am using it to very good extent to find out the application crashes of given exe in remote computers. Here is a small example where I am querying iexplore.exe crash events in remote computers and I am interested only in recent 5 incidents.

Get-WinEvent -ComputerName PC1 -FilterHashtable @{logname=”Application”;providername=”application error”; data=”iexplore.exe”;} | select -first 5

This runs pretty quickly and displays the results very fast compared to other cmdlets like Get-EventLog or GWMI WIn32_NTLogEvent. You can measure the performance with measure-command cmdlet if you want.

Hope this little tip helps you. Feel free to write in comments section if you have any doubts/questions

Comments on this entry are closed.