Search code examples
powershellevent-log

I want to know the name of the value for properties[0] in the eventlog

I want to know the name of the value for properties[0] in the eventlog : powershell code

$log = Get-WinEvent -FilterHashtable @{
    Logname ='System'
    ProviderName = 'Microsoft-Windows-Power-Troubleshooter'
    id = 1
} -Maxevents 1

$log.Properties[0].value

powershell

  • What does properties[0] mean?
  • How do I know what the value is for?
  • want to get a name for this property value.
  • want to know what the value of properties[0] is for what name.
Solution

  • You can use the xml method to see the names:

    $log = Get-WinEvent @{ProviderName = 
  'Microsoft-Windows-Power-Troubleshooter'} -Maxevents 1
$xml = [xml]$log.toxml()
$xml.event.eventdata.data

Name                     #text
----                     -----
SleepTime                2024-05-12T05:02:03.8933908Z
WakeTime                 2024-05-12T13:10:24.4362685Z
SleepDuration            1367
WakeDuration             936
DriverInitDuration       185
BiosInitDuration         1002
HiberWriteDuration       4767
HiberReadDuration        0
HiberPagesWritten        525740
Attributes               1912623361
TargetState              4
EffectiveState           5
WakeSourceType           5
WakeSourceTextLength     39
WakeSourceText           Intel(R) Ethernet Connection (7) I219-V
WakeTimerOwnerLength     0
WakeTimerContextLength   0
NoMultiStageResumeReason 0
WakeTimerOwner
WakeTimerContext
CheckpointDuration       22

    The -listprovider also parameter provides the info:

    get-winevent -ListProvider Microsoft-Windows-Power-Troubleshooter | % events | 
  select -first 1

Id          : 1
Version     : 0
LogLink     : System.Diagnostics.Eventing.Reader.EventLogLink
Level       : System.Diagnostics.Eventing.Reader.EventLevel
Opcode      : System.Diagnostics.Eventing.Reader.EventOpcode
Task        : System.Diagnostics.Eventing.Reader.EventTask
Keywords    : {}
Template    : <template xmlns="http://schemas.microsoft.com/win/2004/08/events">
                <data name="SleepTime" inType="win:FILETIME" outType="xs:dateTime"/>
                <data name="WakeTime" inType="win:FILETIME" outType="xs:dateTime"/>
                <data name="SleepDuration" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="WakeDuration" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="DriverInitDuration" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="BiosInitDuration" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="HiberWriteDuration" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="HiberReadDuration" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="HiberPagesWritten" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="Attributes" inType="win:UInt32" outType="win:HexInt32"/>
                <data name="TargetState" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="EffectiveState" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="WakeSourceType" inType="win:UInt32" outType="xs:unsignedInt"/>
                <data name="WakeSourceTextLength" inType="win:UInt16" outType="xs:unsignedShort"/>
                <data name="WakeSourceText" inType="win:UnicodeString" outType="xs:string"
              length="WakeSourceTextLength"/>
              </template>

Description : The system has returned from a low power state.

              Sleep Time: %1
              Wake Time: %2

              Wake Source: %13%15