Enabled Logs with Data – 2012 PowerShell Scripting Games Beginner Event #7

Display a list of enabled logs that contain data. Do not display errors. Include hidden logs. Display the complete log name and number of entries. Sort by the logs with the most entries in them.

My research on this one lead me to the Use PowerShell to Query All Event Logs for Recent Events blog article on the Hey, Scripting Guy! Blog. I also used the online help by running Get-Help Get-WinEvent -Online. Example #3 was of particular interest:


By viewing the help, I was able to determine that the Force parameter would display debug and analytic logs that are hidden by default. I used -ErrorAction SilentlyContinue since I wasn’t required to handle errors, only to prevent them from displaying. Then I piped my command to the Where-Object cmdlet similar to the help for example #3 as shown in the screenshot above. I added a -and and the other condition of IsEnabled. I determined that IsEnabled was a property by piping the first command to Get-Member:


Then I piped it to Sort-Object RecordCount -Descending to sort as required. The most difficult portion of this entire scenario was the requirement of “You should display the complete log name, and the number of entries in the log.” I initially piped my output to Format-Table with the AutoSize parameter. I tested my code thoroughly and determined that if I used the AutoSize parameter, this requirement would not be met if my PowerShell console window was narrow enough such as 60 pixels wide:


The AutoSize parameter does not guarantee that the data will not be truncated as you can see here in this PowerShell console window that had been re-sized to 60 pixels wide:


I decided to use the Wrap parameter since the width of the judges PowerShell console window was outside of my control and it would ensure that this requirement would be met no matter how narrow the PowerShell console was as shown in this 60 pixel wide window:


Wrap at 15 pixels wide:           AutoSize at 15 pixels wide:


Now which one of these options is guaranteed to meet the requirements of this scenario?

Here’s the one liner I submitted for this event:

Get-WinEvent -ListLog * -Force -ErrorAction SilentlyContinue | Where-Object {$_.RecordCount -and $_.IsEnabled} | Sort-Object RecordCount -Descending | Format-Table -Property LogName, RecordCount -Wrap