Would you like to learn how to filter Windows event logs using PowerShell? In this tutorial, we are going to show you how to filter event logs using the command line.

• Windows 2012 R2
• Windows 2016
• Windows 2019
• Windows 2022
• Windows 10
• Windows 11

Tutorial PowerShell – Filtering Windows event logs

Start an elevated PowerShell command line.

List all log files.

Here is the command output.

Get a summary of all log files.

Get a summary of all enabled log files with records greater than 0.

Here is the command output.

List all log provider names.

Here is the command output.

List the type of events available on a specific log provider.

List the events of a classic log file.

List the events of a modern log file.

Filter events using the log name.

Filter events using the log name and the event ID.

Filter events with a specific start date.

Filter events with a specific start and end date.

Filter events within a specific time interval.

There are multiple ways to filter date and time.

Filter events using the error level.

Filter events using the message content.

List all the fields available to filter an event.

Here is the command output.

Get the name and value of all fields of an event.
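
The steps above, from listing logs to reading an event's fields, combined into one script as an added example (not the tutorial's own commands). The log names, the provider, event ID 4625 and the 24-hour window are assumptions chosen for illustration.

```powershell
# Added example. Log names, provider, event ID and time window are assumptions.
# Run elevated: reading the Security log requires administrative rights.

# 1. Enabled logs holding at least one record, largest first.
Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object LogName, RecordCount -First 10

# 2. Event types a provider can write.
(Get-WinEvent -ListProvider 'Microsoft-Windows-Security-Auditing').Events |
    Select-Object Id, Description -First 5

# 3. Filter on log name, event ID and a start/end time in one hashtable.
#    The filter is applied by the event log service, not in the pipeline.
$filter = @{
    LogName   = 'Security'
    Id        = 4625                       # failed logon
    StartTime = (Get-Date).AddHours(-24)
    EndTime   = Get-Date
}
# Get-WinEvent raises an error when nothing matches; suppress it and test the result.
$failed = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($failed.Count -eq 0) { Write-Output 'No failed logons in the last 24 hours.' }

# 4. Filter on level: 1 = Critical, 2 = Error, 3 = Warning, 4 = Information.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1, 2 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'disk' } |      # message text is matched client-side
    Select-Object TimeCreated, Id, ProviderName, Message

# 5. Fields of an event: object properties, then the named EventData values.
if ($failed.Count -gt 0) {
    $first = $failed[0]
    $first | Format-List *
    ([xml]$first.ToXml()).Event.EventData.Data |
        Select-Object Name, @{ Name = 'Value'; Expression = { $_.'#text' } }

    # Summarize failed logons by target account and source address.
    $failed | ForEach-Object {
        $d = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{ User = $d['TargetUserName']; Source = $d['IpAddress'] }
    } | Group-Object User, Source | Sort-Object Count -Descending |
        Select-Object Count, Name
}
```

Passing the log name, ID, level and times in `-FilterHashtable` keeps the filtering inside the event log service, which is much faster on large logs than retrieving every event and piping it to `Where-Object`.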

Congratulations! You are able to filter Windows log events using PowerShell.