
How to get boot time from Diagnostics-Performance


I'm trying to read boot duration from Event Viewer via PowerShell. This is the command I use:

Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Diagnostics-Performance/Operational"; id=100}

But I get this error message:

Get-WinEvent : No events were found that match the specified selection criteria.
At line:1 char:15
+ ... ootevents = Get-WinEvent -FilterHashtable @{logname="Microsoft-Window ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

Solution

  • To get this information, you must run PowerShell as Administrator.

    Then the below will probably do what you want:

    Get-WinEvent -FilterHashtable @{LogName="Microsoft-Windows-Diagnostics-Performance/Operational"; Id=100} -MaxEvents 10 | ForEach-Object {
        # convert the event to XML and grab the Event node
        $eventXml = ([xml]$_.ToXml()).Event
        # output 
        [PSCustomObject]@{
            'Computer' = $eventXml.System.Computer
            'BootTime' = [int64]($eventXml.EventData.Data | Where-Object {$_.Name -eq 'BootTime'}).InnerXml
            'BootFinished' = [datetime]($eventXml.EventData.Data | Where-Object {$_.Name -eq 'BootEndTime'}).InnerXml
        }
    }
    

    The output will be something like this:

    Computer BootTime BootFinished      
    -------- -------- ------------      
    YourPC   118733   12-6-2019 15:17:42
    YourPC    40259   12-6-2019 11:40:11
    YourPC    43884   12-6-2019 6:00:27 
    YourPC    46158   11-6-2019 12:26:17
    YourPC    37759   11-6-2019 10:00:30
    YourPC    53178   11-6-2019 6:49:03 
    YourPC    49745   10-6-2019 16:25:59
    YourPC    39130   10-6-2019 11:14:59
    YourPC    57165   10-6-2019 6:57:30 
    YourPC    48230   9-6-2019 11:03:02
    

    P.S. 'BootTime' is the number of milliseconds. The date format d-MM-yyyy HH:mm:ss is the default on my Dutch computer.
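
An added example (not the answerer's code) that wraps the query above so an unelevated session or an empty log is reported explicitly instead of surfacing as the raw `NoMatchingEventsFound` error from the question. The function name `Get-BootDuration` and its `-MaxEvents` default are assumptions made for illustration.

```powershell
# Added example: Get-BootDuration is a hypothetical helper, not part of the original answer.
function Get-BootDuration {
    [CmdletBinding()]
    param([int]$MaxEvents = 10)

    $logName = 'Microsoft-Windows-Diagnostics-Performance/Operational'

    # The answer states the log must be read from an elevated session,
    # so check the current token for the Administrators role first.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $elevated) {
        Write-Warning "Session is not elevated; $logName may return no events."
    }

    try {
        # -ErrorAction Stop turns the non-terminating error into a catchable one.
        $bootEvents = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 100 } `
            -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # Same FullyQualifiedErrorId as shown in the question.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Warning "No event 100 records returned (elevated: $elevated)."
            return
        }
        throw   # anything else (bad log name, access error) is passed on unchanged
    }

    foreach ($evt in $bootEvents) {
        # Flatten the EventData <Data Name="..."> nodes into a lookup table.
        $data = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.InnerText
        }
        [PSCustomObject]@{
            Computer     = $evt.MachineName
            # BootTime is in milliseconds, per the answer's P.S.
            BootDuration = [timespan]::FromMilliseconds([int64]$data['BootTime'])
            BootFinished = [datetime]$data['BootEndTime']
        }
    }
}

Get-BootDuration -MaxEvents 10
```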