
Pulling Application and system event log in one query


I would like to search the eventlog with one simple query as opposed to going through the same ordeal twice. I simply want to search the eventlog for both application warnings and errors as well as the system log. I currently have it running but would like to have one query if possible.

$Date = (Get-Date).AddDays(-4)
$ApplicationEvents = Get-WinEvent -ComputerName $TestHostTemp -FilterHashtable @{logname='application'; StartTime=$Date; level=2,3}
$SystemEvents = Get-WinEvent -ComputerName $TestHostTemp -FilterHashtable @{logname='System'; StartTime=$Date; level=2,3}

I would prefer to do something like this but don't know the context to put it in.

$Date = (Get-Date).AddDays(-4)
$ApplicationEvents = Get-WinEvent -ComputerName $TestHostTemp -FilterHashtable @{logname='application','System'; StartTime=$Date; level=2,3}


Solution

  • As @zett42 pointed out, the OP's desired query works fine. You can specify an array of strings for the log you want to query without an issue. I'm leaving my answer here in case somebody can learn from it for other purposes.

    You can, but you'll want to use the -FilterXml parameter. What you can do is set up a custom view in the Event Viewer, and then click on the XML tab and copy things from there. Once you have the XML in PowerShell you can modify it as you see fit. Basically something like this:

    # SystemTime in the event log is UTC; 'HH' is the 24-hour clock ('hh' would emit 12-hour values)
    $StartTime = [datetime]::Today.AddDays(-4).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.000Z')
    $Filter = @"
    <QueryList>
      <Query Id="0" Path="Application">
        <Select Path="Application">*[System[(Level=2 or Level=3) and TimeCreated[@SystemTime&gt;='$StartTime']]]</Select>
        <Select Path="System">*[System[(Level=2 or Level=3) and TimeCreated[@SystemTime&gt;='$StartTime']]]</Select>
      </Query>
    </QueryList>
    "@
    # Both <Select> elements are evaluated in a single call
    $Events = Get-WinEvent -FilterXml $Filter
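
The -FilterXml approach from the answer above, generalized to any list of logs and levels, as an added example that is not part of the original answer. `New-EventLogQueryXml` and its parameter names are hypothetical; the sketch also handles the error Get-WinEvent raises when no events match.

```powershell
# Added example; the function name and parameters are hypothetical, not from the answer.
function New-EventLogQueryXml {
    param(
        [Parameter(Mandatory)] [string[]] $LogName,
        [int[]] $Level = @(2, 3),                      # 2 = Error, 3 = Warning
        [datetime] $StartTime = (Get-Date).AddDays(-4)
    )
    # Event timestamps are stored in UTC; HH gives the 24-hour clock.
    $utc = $StartTime.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.000Z')
    $levelExpr = ($Level | ForEach-Object { "Level=$_" }) -join ' or '
    $xpath = "*[System[($levelExpr) and TimeCreated[@SystemTime&gt;='$utc']]]"

    # One <Select> per log inside a single <Query>; the result is the union.
    $selects = $LogName | ForEach-Object {
        $path = [System.Security.SecurityElement]::Escape($_)   # XML-escape the log name
        "    <Select Path=`"$path`">$xpath</Select>"
    }
    $first = [System.Security.SecurityElement]::Escape($LogName[0])
    @"
<QueryList>
  <Query Id="0" Path="$first">
$($selects -join "`n")
  </Query>
</QueryList>
"@
}

$filter = New-EventLogQueryXml -LogName 'Application', 'System'
try {
    $events = Get-WinEvent -FilterXml $filter -ErrorAction Stop
} catch {
    # An empty result set surfaces as an error rather than an empty collection.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() } else { throw }
}

# Summary per log and severity, e.g. to spot which source is noisy.
$events | Group-Object LogName, LevelDisplayName | Select-Object Count, Name
```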