powershell - In Get-WinEvent, which kind of interval of EndTime? -
i used get-winevent in powershell eventlog in time interval. avoid data loss or repeat, need know interval type of starttime , endtime.
in following example in msdn:
ps c:\> # use where-object cmdlet ps c:\>$yesterday = (get-date) - (new-timespan -day 1) ps c:\>get-winevent -logname "windows powershell" | where-object {$_.timecreated -ge $yesterday} # uses filterhashtable ps c:\>$yesterday = (get-date) - (new-timespan -day 1) ps c:\>get-winevent -filterhashtable @{logname='windows powershell'; level=3; starttime=$yesterday} it seems starttime means ">=".
but did not find info endtime. what's represent? "<" or "<="?
endtime means <=. ran test on pc. when set endtime=(get-date -date "03.08.2015 14:07:27") events on precise time. timestamps in event log don't contain milliseconds, therefore filtering done 1 second precision.
Comments
Post a Comment