Finding Application Errors – 2012 PowerShell Scripting Games Beginner Event 5
The details of the event scenario and the design points for Beginner Event #5 of the 2012 PowerShell Scripting Games can be found on the Hey, Scripting Guys! Blog.
Your manager has task you with producing a report of applications that are causing errors on your servers. This report should display the source and number of errors from the application log.
How can I find out what PowerShell cmdlets are available to query the application event log? I could
certainly use Get-Help
, but I can also use Get-Command
:
After looking at the help topic for these, I chose to use Get-EventLog
:
Based on the available parameters in the screenshot above, I'm going to use Get-EventLog -ComputerName $Env:ComputerName -LogName Application -EventType Error
. Specifying the
ComputerName
parameter allows it to be run against remote computers. The LogName
parameter is
mandatory and you must specify a log name or you'll be prompted for one when the command is run. The
EventType
parameter allows you to filter the results down to only errors instead of getting
everything only to filter out all the non-errors with Where-Object
(Filter as far to the
Left as possible).
Now we need a count of how many times each error shows up in the application log. I searched and
found the Group-Object
cmdlet. I also took a look at Measure-Object
, but Group-Object
was a
better fit to meet this scenario's objectives. Piping the previous command to
Group-Object -Property Source
gives it a Count
column, but also some type of element column
named Group
:
Displaying help for the Group-Object
cmdlet shows it has a NoElement
parameter that will remove
this column from the results:
The other way to find what parameters are available for a cmdlet is to type a space and then minus
(dash) after the cmdlet name and then start pressing the tab key to cycle through the available
parameters. This uses the tabbed expansion feature to your benefit just like not having to type full
cmdlet names or not having to type them in the proper case. I can type get-h
and then press tab to
have it automatically change to Get-Help
.
For additional points, I need to sort by the application with the most errors. Piping the previous
command to Get-Member
shows that Count
which is also the name of the column with the number of
errors is a property. Sometimes the column names aren't the same as the property name. I sorted by
Count
in descending order to complete this one:
1Get-EventLog -ComputerName $Env:ComputerName -LogName Application -EntryType Error | Group-Object -Property Source -NoElement | Sort-Object -Property Count -Descending
µ