powershell get-eventlog

Powershell Get-EventLog hangs on RemoteComputer


The following runs fine on the local computer, but when I put -ComputerName "myRemoteName", it hangs and doesn't return anything even after about 5 minutes, but the program still seems to be running.

Is it trying to return a large packet of data across the "wire"? In theory, I should have under 10 errors on the remote computer in the last 2 hours.

    $minutes = 120   # look-back window in minutes
    # query the remote Application log for Error entries newer than the cutoff
    $getEventLog = Get-EventLog -LogName Application -ComputerName "myRemoteName" -After ((Get-Date).AddMinutes($minutes * -1)) -EntryType Error
    Write-Host "Get-EventLog completed"

    # list of events to exclude (based on text found in the message)
    $getEventLogFiltered = $getEventLog | Where-Object { $_.Message -notlike 'Monitis*' -and $_.Message -notlike '*MQQueueDepthMonitor.exe*' -and $_.Message -notlike '*The local computer may not have the necessary registry*' }
    # to only select certain columns, use Select-Object -Property and list the property/columns
    $getEventLogColumns = $getEventLogFiltered | Select-Object -Property TimeGenerated,Source,Message,EntryType,MachineName,EventID
    $tableFragment = $getEventLogColumns | ConvertTo-Html -Fragment
    Write-Host "HTML-Table Built"

Code after that builds an email and sends it...

I've seen other posts that suggest switching to Get-WinEvent, but I think that would take me an hour or two to rewrite (due to my lack of experience with PowerShell); what I have above is working fine on local computers.

Updates 03/04/2014 13:40 CT: 
   Running with $minutes = 120 ran 14.5 minutes. 
   Running with $minutes = 1   ran 12.5 minutes. 

Conclusion: changing the range of $minutes doesn't really seem to affect the response time; both are slow.


Solution

  • It seems that I was wrong: even with a Where-Object filter it still scans, as in the case of the -After parameter (I was just testing on a different, freshly built machine, and this is why it finished so quickly).

    Additional research showed, however, that the break function could be useful, so what I did was:

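    # $ServerName holds the remote computer name
    $YDate = (Get-Date).AddDays(-1)   # cutoff: 24 hours ago
    Get-EventLog -ComputerName $ServerName -LogName Security | Where-Object { $_.EventID -eq '528' } | ForEach-Object {
      $_   # emit the matching event
      # stop at the first matching event at or before the cutoff
      if ($_.TimeGenerated.CompareTo($YDate) -lt 1) { break }
    }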
    

    It prints all event logs, and when it hits an event log older than (in my case) 24 hours, break kicks in and stops the Get-EventLog cmdlet.
    It is not the prettiest solution, but it seems to be working fine so far.
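
The question mentions Get-WinEvent as the alternative other posts suggest. As an added example (not part of the original question or answer), this is the question's query rewritten with it: -FilterHashtable sends the log name, level and start time as a query, so the time window is not applied by walking the log on the client. The function name Get-RecentErrorEvents is hypothetical, and the sketch assumes the remote host permits remote event log access.

```powershell
# Added example; Get-RecentErrorEvents is a hypothetical helper name.
function Get-RecentErrorEvents {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [string]   $LogName     = 'Application',
        [int]      $Minutes     = 120,
        [string[]] $ExcludeLike = @()   # wildcard patterns matched against Message
    )

    # These keys become an event query, so only matching records come back.
    $filter = @{
        LogName   = $LogName
        Level     = 2                                 # 2 = Error
        StartTime = (Get-Date).AddMinutes(-$Minutes)
    }

    try {
        $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # Get-WinEvent reports "no matching events" as an error; treat it as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return @() }
        throw
    }

    # Message text is not a hashtable key, so the exclusions stay client-side.
    foreach ($pattern in $ExcludeLike) {
        $events = $events | Where-Object { $_.Message -notlike $pattern }
    }

    # Map Get-WinEvent properties to the column names the Get-EventLog version selected.
    $events | Select-Object @{n='TimeGenerated'; e={ $_.TimeCreated }},
                            @{n='Source';        e={ $_.ProviderName }},
                            Message,
                            @{n='EntryType';     e={ $_.LevelDisplayName }},
                            MachineName,
                            @{n='EventID';       e={ $_.Id }}
}

# 'myRemoteName' is the placeholder host name used in the question.
$rows = Get-RecentErrorEvents -ComputerName 'myRemoteName' -Minutes 120 -ExcludeLike @(
    'Monitis*', '*MQQueueDepthMonitor.exe*',
    '*The local computer may not have the necessary registry*')
$tableFragment = $rows | ConvertTo-Html -Fragment
```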