Finding Application Errors – 2012 PowerShell Scripting Games Beginner Event 5

The details of the event scenario and the design points for Beginner Event #5 of the 2012 PowerShell Scripting Games can be found on the Hey, Scripting Guys! Blog.

Your manager has tasked you with producing a report of applications that are causing errors on your servers. This report should display the source and number of errors from the application log.

How can I find out what PowerShell cmdlets are available to query the application event log? I could certainly use Get-Help, but I can also use Get-Command:

2012sg-be5-1.png

After looking at the help topic for these, I chose to use Get-EventLog:

2012sg-be5-2.png

Based on the available parameters in the screenshot above, I'm going to use Get-EventLog -ComputerName $Env:ComputerName -LogName Application -EntryType Error. Specifying the ComputerName parameter allows it to be run against remote computers. The LogName parameter is mandatory: you must specify a log name or you'll be prompted for one when the command is run. The EntryType parameter filters the results down to only errors at the source, instead of retrieving everything and then filtering out all the non-errors with Where-Object (filter as far to the left as possible).

Now we need a count of how many times each error shows up in the application log. I searched and found the Group-Object cmdlet. I also took a look at Measure-Object, but Group-Object was a better fit to meet this scenario's objectives. Piping the previous command to Group-Object -Property Source gives it a Count column, but also some type of element column named Group:

2012sg-be5-3.png

Displaying help for the Group-Object cmdlet shows it has a NoElement parameter that will remove this column from the results:

2012sg-be5-4.png

The other way to find what parameters are available for a cmdlet is to type a space and then a minus (dash) after the cmdlet name and then start pressing the Tab key to cycle through the available parameters. This uses the tab expansion feature to your benefit, just like not having to type full cmdlet names or not having to type them in the proper case. I can type get-h and then press Tab to have it automatically change to Get-Help.

For additional points, I need to sort by the application with the most errors. Piping the previous command to Get-Member shows that Count, which is also the name of the column with the number of errors, is a property. Sometimes the column names aren't the same as the property names. I sorted by Count in descending order to complete this one:

2012sg-be5-5.png

Get-EventLog -ComputerName $Env:ComputerName -LogName Application -EntryType Error | Group-Object -Property Source -NoElement | Sort-Object -Property Count -Descending
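
As an added example (not part of the original post), here is the same pipeline wrapped in a function that reports per server and tolerates hosts that cannot be queried. The function name Get-AppErrorSummary, the -After time window and the server names in the usage comment are assumptions made for illustration.

```powershell
# Added example, not from the original post. Get-AppErrorSummary is a hypothetical name.
function Get-AppErrorSummary {
    [CmdletBinding()]
    param(
        # One or more computers to query; defaults to the local machine.
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $Env:ComputerName,

        # Only count errors written after this time (assumed default: last 7 days).
        [datetime]$After = (Get-Date).AddDays(-7)
    )
    process {
        foreach ($computer in $ComputerName) {
            try {
                # Filter left: -EntryType and -After limit what Get-EventLog returns,
                # so no Where-Object pass over the whole log is needed.
                $errors = Get-EventLog -ComputerName $computer -LogName Application `
                                       -EntryType Error -After $After -ErrorAction Stop
            }
            catch {
                # Unreachable host, access denied, or no matching entries:
                # warn and move on so one bad server does not end the report.
                Write-Warning "${computer}: $($_.Exception.Message)"
                continue
            }

            # Same grouping and sorting as the one-liner, with the computer name
            # added so results from several servers can be told apart.
            $errors |
                Group-Object -Property Source -NoElement |
                Sort-Object -Property Count -Descending |
                Select-Object @{Name = 'ComputerName'; Expression = { $computer }},
                              @{Name = 'Source'; Expression = { $_.Name }},
                              Count
        }
    }
}

# Local machine, last 7 days.
Get-AppErrorSummary

# Constructed server names, last 24 hours:
# 'SERVER01', 'SERVER02' | Get-AppErrorSummary -After (Get-Date).AddDays(-1)
```

Because the function emits objects rather than formatted text, the output can be piped on to Export-Csv or Sort-Object for a combined report.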
