
How to exclude specific user in get-eventlog


I have the following script

get-eventlog -LogName Security -InstanceId 4663 -after (Get-Date).AddMonths(-1) -before (Get-Date) |
Select TimeWritten, @{Name="Account Name";Expression={ $_.ReplacementStrings[1]}}, @{Name="Object Name";e= {$_.ReplacementStrings[6]}}  |
Export-Csv "archive $(Get-Date -UFormat "%m.%d.%Y").csv" -NoType

I have tried adding a Where statement

@{Name="Account Name";Expression={ $_.ReplacementStrings[1]} -notlike "user"}

or

$_.username -notlike "user"

however neither seems to affect the outcome of the log.

What am I doing wrong?


Solution

  • My solution wound up using -NotMatch instead of -notlike

    Pulled from https://social.technet.microsoft.com/Forums/ie/en-US/d6a2e073-ada4-4b4f-8cd5-1ebe9256fcfe/geteventlog-and-message-details?forum=winserverpowershell

    # Drop events whose "Account Name:" field is "user"; the trailing \s requires the name to end there.
    get-eventlog -LogName Security -InstanceId 4663 -after (Get-Date).AddMonths(-1) -before (Get-Date) |
    Where {$_.message -notmatch "Account Name:\s*user\s"} |
    Select TimeWritten, @{Name="Account Name";Expression={ $_.ReplacementStrings[1] }}, @{Name="Object Name";e= {$_.ReplacementStrings[6]}}  |
    Export-Csv "archive $(Get-Date -UFormat "%m.%d.%Y").csv" -NoType
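
An added example, not part of the original question or answer: the same exclusion done on the parsed account field (`ReplacementStrings[1]`) with `Where-Object` placed before `Select`, so the match is exact and does not depend on the message text. The sample records, account names and paths are constructed for illustration.

```powershell
# Constructed stand-ins for Get-EventLog output (event 4663). Only the two
# indexes the page uses are filled: [1] = account name, [6] = object name.
function New-SampleEntry([string]$Account, [string]$Object) {
    $rs = @('') * 7
    $rs[1] = $Account
    $rs[6] = $Object
    [pscustomobject]@{ TimeWritten = Get-Date; ReplacementStrings = $rs }
}

$entries = @(
    New-SampleEntry 'user'       'C:\Share\a.txt'
    New-SampleEntry 'users'      'C:\Share\b.txt'   # similar name, must be kept
    New-SampleEntry 'alice'      'C:\Share\c.txt'
    New-SampleEntry 'SVC-Backup' 'C:\Share\d.txt'
)

# Accounts to leave out of the report (hypothetical names).
# -notin compares whole strings, case-insensitively, with no wildcard or regex.
$exclude = @('user', 'svc-backup')

$report = $entries |
    Where-Object { $_.ReplacementStrings[1] -notin $exclude } |
    Select-Object TimeWritten,
        @{Name = 'Account Name'; Expression = { $_.ReplacementStrings[1] }},
        @{Name = 'Object Name';  Expression = { $_.ReplacementStrings[6] }}

# Only 'users' and 'alice' remain.
$report | Format-Table -AutoSize

# Against the live log, replace $entries with the Get-EventLog call from the
# page and pipe $report to Export-Csv instead of Format-Table.
```

A calculated property inside `Select` only shapes the output columns; rows are removed only by a `Where-Object` stage in the pipeline.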