Trying to assemble PS query into EventLog, and playing with MaxEvents limit. It print zero lines if "MaxEvents" is 1, and it print header line and one event when MaxEvents is 2. Is this correct behaviour, or am I miss something?
powershell.exe Get-WinEvent -FilterHashTable "@{ LogName = 'Microsoft-Windows-UniversalTelemetryClient/Operational'; Id = 55} -MaxEvents 2 | where {$_.Message -match 'false'} | ft -HideTableHeader"
ProviderName: Microsoft-Windows-UniversalTelemetryClient
02/02/2020 14:25:04 55 Information Is the Internet ava...
See below the result of:
Get-WinEvent -FilterHashTable @{ LogName = 'Microsoft-Windows-UniversalTelemetryClient/Operational'; Id = 55}
for my PC is:
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
21/01/2020 06:29:23 55 Information Is the Internet available: true
21/01/2020 05:32:29 55 Information Is the Internet available: true
20/01/2020 17:23:22 55 Information Is the Internet available: true
19/01/2020 07:12:06 55 Information Is the Internet available: true
19/01/2020 07:07:22 55 Information Is the Internet available: false
If I add -MaxEvents for any value up to 4 then no result
If I add -MaxEvents 5:
ProviderName: Microsoft-Windows-UniversalTelemetryClient
19/01/2020 07:07:22 55 Information Is the Internet available: false
The -MaxEvents is therefore processed on the result of -FilterHashTable, not on the results from the log.