I am trying to capture log files from a specific date and I am not getting any results no matter how many days I go back.
Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Select Message -ExpandProperty Message | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays('-1')) }
Here is the list of log files
Message TimeGenerated
------- -------------
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/18/2017 12:01:52 AM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/16/2017 7:01:53 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/15/2017 2:01:39 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/14/2017 1:58:47 PM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/13/2017 8:58:46 AM
Shutdown has occurred ... 1/12/2017 3:58:45 AM
Shutdown has occurred ... 1/12/2017 3:58:45 AM
Your issue is that you use the the Select cmdlet to expand Message. So then when you try to filter on TimeGenerated that property isn't there. If you only want the messages, then select after you filter.
Get-EventLog -LogName Application -EntryType Warning -Source MicrosoftDynamicsNAVClientWebClient | Where { ($_.Message -match 'Shutdown') -and ($_.TimeGenerated -gt [datetime]::Today.AddDays(-1)) } | Select -ExpandProperty Message