Can anyone help me convert the command below into a WMI query or Get-WmiObject -Filter, as it takes more time for remote servers?
```powershell
Get-EventLog -ComputerName $Comp -LogName System -After (Get-Date).AddDays(-3) -ErrorAction Stop |
    ? { $_.EntryType -eq "Critical" -or $_.EntryType -eq "Warning" -or $_.EntryType -eq "Error" }
```
Thx for your time.
Try doing the filtering on the remote host instead of retrieving events of all types first and filtering them afterwards:
```powershell
# -EntryType is the Get-EventLog parameter that selects Error/Warning entries
Get-EventLog -Computer $Comp -LogName System -EntryType Error,Warning `
    -After (Get-Date).AddDays(-3) -ErrorAction Stop
```
There isn't an event type "Critical", BTW.
If you must use WMI, something like this should work:
```powershell
$age = (Get-Date).AddDays(-3).ToUniversalTime()
$ts = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($age)
$filter = "LogFile='System' AND TimeGenerated>='$ts' AND EventType<=2"
gwmi Win32_NTLogEvent -Filter $filter -Computer $Comp -EnableAllPrivileges
```
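
The WMI query from the answer above, wrapped for a sweep over several servers, as an added example that is not part of the original post. The function name `Get-RecentSystemProblem` and the host names `SRV01`/`SRV02` are assumptions made for illustration; it needs Windows PowerShell, since `Get-WmiObject` is not available in PowerShell 6 and later.

```powershell
# Added example: hypothetical helper, not code from the original answer.
function Get-RecentSystemProblem {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [ValidateRange(1, 365)][int]$Days = 3
    )

    # Win32_NTLogEvent.EventType: 1 = Error, 2 = Warning (3 and above are informational/audit)
    $typeName = @{ 1 = 'Error'; 2 = 'Warning' }

    # WQL compares TimeGenerated against a DMTF-formatted timestamp string
    $cutoff = (Get-Date).AddDays(-$Days).ToUniversalTime()
    $dmtf   = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($cutoff)
    $filter = "LogFile='System' AND TimeGenerated>='$dmtf' AND EventType<=2"

    foreach ($computer in $ComputerName) {
        try {
            # The filter is evaluated by the remote WMI provider, so only matches cross the wire
            Get-WmiObject -Class Win32_NTLogEvent -Filter $filter -ComputerName $computer `
                          -EnableAllPrivileges -ErrorAction Stop |
                ForEach-Object {
                    [pscustomobject]@{
                        Computer = $computer
                        # Convert the DMTF string back into a DateTime for sorting and display
                        Time     = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.TimeGenerated)
                        Type     = $typeName[[int]$_.EventType]
                        Source   = $_.SourceName
                        EventId  = $_.EventCode
                        Message  = $_.Message
                    }
                }
        }
        catch {
            # One unreachable or access-denied host should not abort the whole sweep
            Write-Warning "Query failed on ${computer}: $($_.Exception.Message)"
        }
    }
}

# Constructed host names; replace with real servers
Get-RecentSystemProblem -ComputerName 'SRV01', 'SRV02' -Days 3 |
    Sort-Object Time -Descending
```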