I need to filter IDs of the last "boot event" from Event Log
I get it by running psloglist -accepteula -n 1 -s -o "Microsoft-Windows-Kernel-General" -i 12 -t ; that I redirect to a file and need to filter only the first chunk of numbers followed by ; on second line as shown in example bellow
System log on \FDU000084151005:
107604;System;Microsoft-Windows-Kernel-General;INFORMATION;FDU000084151005
could you please, please, help me write that in powershell?
Example of how you can get it with Get-WinEvent:
get-winevent -FilterHashtable @{ProviderName = "Microsoft-Windows-Kernel-General" ; Id = 12} |
select -expand RecordId