I'm writing a script that has to export events to a CSV file. I want to add rows with accurate system time. What I don't get is how to extract the SystemTime property of TimeCreated. I.e. this one:
TimeCreated
[SystemTime] 2016-10-25T20:04:47.824727500Z
Here is a sample of the current output:
PS C:\Users\user> Get-WinEvent -LogName Application -MaxEvents 10 | Select-Object TimeCreated
TimeCreated
-----------
25.10.2016 23:04:47
25.10.2016 23:04:47
25.10.2016 23:04:17
25.10.2016 23:04:17
25.10.2016 23:04:17
25.10.2016 23:04:17
25.10.2016 23:04:16
25.10.2016 23:04:16
25.10.2016 23:04:16
25.10.2016 23:00:15
Update
I can add -ExpandProperty TimeCreated, but this results in adding extra columns such as Day, DayOfWeek, DayOfYear, Hour, Kind, Milliseconds, Minute, Month, Second, Ticks, TimeOfDay and it does not seem like -ExcludeProperty works for them.
What do yo mean by "get the SystemTime property"? The TimeCreated field of eventlog entries contains DateTime values, which don't have any such property. If you need the values in a particular format you can apply that format via a calculated property:
Get-WinEvent -LogName Application -MaxEvents 10 |
Select-Object @{n='TimeCreated';e={
$_.TimeCreated.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.ffffffZ')
}}