I am trying to retrieve some information related to errors and warnings from an archived event log file. I am using the below query to ignore certain event IDs, but the need is to ignore those event IDs from a particular source only.
Below is the query I am trying to use to get the output ignoring those event IDs, but I am looking for something which can be an event ID && source (ProviderName) combination.
Get-WinEvent -Oldest -FilterHashtable @{Path="20210317_system - Copy.evt" ;Level= 2,3} | Where-Object {$_.ID -ne "4"} | Where-Object {$_.ID -ne "36"} | Where-Object {$_.ID -ne "1111"} | Where-Object {$_.ID -ne "2004"} | Where-Object {$_.ID -ne "10010"} | Where-Object {$_.ID -ne "15300"} | Where-Object {$_.ID -ne "15301"}
The solution is that I can use it this way; I tried -notin with the example.
Get-WinEvent -Oldest -FilterHashtable @{Path="20210317_system - Copy.evt" ;Level= 2,3} | Where-Object {$_.ProviderName -notin ("b57nd60a","Microsoft-Windows-Time-Service","TerminalServices-Printers","Resource-Exhaustion-Detector","DistributedCOM","HTTPevent") -or $_.ID -notin (4,36,1111,2004,10010,15300,15301) }
But when I use it to ignore/negate cases, I think I need to use an 'or' condition in between for it to match, and not 'and'.
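
An added example, not part of the original post: the two -notin lists suppress every listed ID from every listed provider, so this sketch keys the suppression on explicit provider/ID pairs instead. The pairings in $suppress are assumed from the order of the two lists in the post, Test-Suppressed is a hypothetical helper name, and the sample records are constructed.

```powershell
# Provider -> event IDs to suppress. The pairing is an ASSUMPTION for this
# example (taken from the order of the two lists in the post); verify it
# against your own log before relying on it.
$suppress = @{
    'b57nd60a'                       = @(4)
    'Microsoft-Windows-Time-Service' = @(36)
    'TerminalServices-Printers'      = @(1111)
    'Resource-Exhaustion-Detector'   = @(2004)
    'DistributedCOM'                 = @(10010)
    'HTTPevent'                      = @(15300, 15301)
}

# Hypothetical helper: true only when this exact provider/ID pair is listed.
function Test-Suppressed {
    param($Record, [hashtable]$Map)
    # Some records carry no provider name; cast so ContainsKey never sees $null.
    $name = [string]$Record.ProviderName
    $Map.ContainsKey($name) -and ($Record.Id -in $Map[$name])
}

# Constructed sample records standing in for Get-WinEvent output.
$sample = @(
    # listed provider with its paired ID
    [pscustomobject]@{ ProviderName = 'DistributedCOM'; Id = 10010; Level = 2 }
    # listed provider, ID that appears in the ID list but is not paired with it
    [pscustomobject]@{ ProviderName = 'DistributedCOM'; Id = 36; Level = 2 }
    # unlisted provider reusing a listed ID
    [pscustomobject]@{ ProviderName = 'Service Control Manager'; Id = 36; Level = 2 }
    # listed provider with the second of its two paired IDs
    [pscustomobject]@{ ProviderName = 'HTTPevent'; Id = 15301; Level = 3 }
    # record with no provider name
    [pscustomobject]@{ ProviderName = $null; Id = 4; Level = 3 }
)

# Keep everything that is not an explicitly suppressed pair.
$kept = $sample | Where-Object { -not (Test-Suppressed $_ $suppress) }
$kept | Format-Table ProviderName, Id, Level

# The same filter against the archived log from the post:
# Get-WinEvent -Oldest -FilterHashtable @{Path="20210317_system - Copy.evt"; Level=2,3} |
#     Where-Object { -not (Test-Suppressed $_ $suppress) }
```

Keeping the suppression list as data makes it easy to review which errors and warnings are being hidden from the output, and a new noisy pair is one added line rather than another condition in the pipeline.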