powershell, performance, event-viewer

PowerShell - Efficient way to pull event viewer logs


Currently it takes 15-20 seconds to pull specific event viewer logs. Is there a more efficient way to accomplish the same end result?

I need the last 5 minutes' worth of application logs for Instance ID 21.

    Start-Transcript -Path C:\Windows\Blah\Data\Logs\Temp\StatusErrors.TXT -Append -Force -ErrorAction SilentlyContinue
    Get-EventLog -LogName application -After (Get-Date).AddMinutes(-5) -InstanceID 21 -Message "*device*" | Select-Object -ExpandProperty message
    Stop-Transcript

Solution

  • I am not getting into the logic of it because it is already yielding results. Get-EventLog is kinda obsolete. Use Get-WinEvent, where you can use advanced XPath and XML filters, and the log will use its indexes to return targeted events very quickly.

    A sample below:

    $filter = @{
        LogName = 'application'
        ID = 21
        StartTime = (Get-Date).AddMinutes(-5) 
    }
    #$Computer = "Hostname" ## In case you are running it remotely
    Get-WinEvent -FilterHashTable $filter #-ComputerName $Computer (Commented out since it is when you run remotely)
    

    Hope it helps.
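
The XPath form of the filter mentioned in the answer, combined with the question's `*device*` message match, as an added example that is not part of the original question or answer. The function name `Get-RecentDeviceEvent` and its parameters are hypothetical, and it assumes that instance ID 21 corresponds to event ID 21 (no qualifier bits set).

```powershell
# Added example; function and parameter names are illustrative, not from the post.
function Get-RecentDeviceEvent {
    [CmdletBinding()]
    param(
        [string]$LogName        = 'Application',
        [int]$EventId           = 21,
        [int]$Minutes           = 5,
        [string]$MessagePattern = '*device*',
        [string]$ComputerName              # optional, for remote collection
    )

    # Server-side filter: the event log service evaluates this query and
    # returns only matching records. timediff() is expressed in milliseconds.
    $windowMs = $Minutes * 60 * 1000
    $xpath = "*[System[(EventID=$EventId) and " +
             "TimeCreated[timediff(@SystemTime) <= $windowMs]]]"

    $params = @{
        LogName     = $LogName
        FilterXPath = $xpath
        ErrorAction = 'Stop'               # surface real failures (access denied, bad log name)
    }
    if ($ComputerName) { $params.ComputerName = $ComputerName }

    try {
        # Client-side filter: the rendered message text is not part of the
        # event XML that XPath queries, so the wildcard match happens here,
        # on the already-reduced result set.
        Get-WinEvent @params |
            Where-Object { $_.Message -like $MessagePattern } |
            Select-Object -ExpandProperty Message
    }
    catch {
        # Get-WinEvent reports "no events found" as an error; an empty
        # five-minute window is a normal result, so swallow only that case.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }
}

# Append the messages to the same file the question's transcript targets.
Get-RecentDeviceEvent |
    Out-File -FilePath 'C:\Windows\Blah\Data\Logs\Temp\StatusErrors.TXT' -Append
```

Writing with `Out-File` instead of `Start-Transcript` keeps the file limited to the event messages, which is easier to parse when the output feeds a monitoring check.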