This is my first time working in PowerShell. I'm trying to filter events based on Date only.
According to the documentation, Logname and Providername accept wildcard characters.
How can I wildcard the Logname? I have tried *, ** but it does seem to work.
Get-WinEvent -FilterHashtable @{Logname=*; StartTime=$startTime; EndTime=$endTime}
I don't think you can. Here's how I get around it. You can't even do this in Event Viewer, events from all logs within a certain time. There's an old Windows API limit to the number of lognames. ForEach-Object -Parallel in PowerShell 7 is faster.
Get-WinEvent -ListLog * -EA silentlycontinue |
foreach-object { get-winevent -filterhashtable @{logname=$_.logname;
starttime='1:55 pm'; endtime='1:58 pm'} -ea 0 }
# powershell 7
get-winevent -LogName *
Get-WinEvent: Log count (458) is exceeded Windows Event Log API limit (256).
Adjust filter to return less log names.
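
The per-log loop from the answer above, as an added example that is not part of the original post: it wraps the loop in a function (the name Get-EventsInWindow is hypothetical), skips empty logs, and separates "no events in this window" from logs that could not be read, which matters when the result is used as an incident timeline. The five-minute window at the bottom is a constructed sample.

```powershell
# Added example, not code from the original answer.
function Get-EventsInWindow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [datetime] $StartTime,
        [Parameter(Mandatory)] [datetime] $EndTime
    )

    # Enumerate the logs first and query them one at a time, so the
    # 256-log API limit shown above is never reached. Empty logs are skipped.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }

    $unreadable = [System.Collections.Generic.List[string]]::new()

    $events = foreach ($log in $logs) {
        try {
            Get-WinEvent -FilterHashtable @{
                LogName   = $log.LogName
                StartTime = $StartTime
                EndTime   = $EndTime
            } -ErrorAction Stop
        }
        catch {
            # Most logs have nothing in a narrow window; that is expected.
            # Any other failure (for example access denied on the Security
            # log when not elevated) is recorded so the gap is visible.
            if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                $unreadable.Add($log.LogName)
            }
        }
    }

    if ($unreadable.Count -gt 0) {
        Write-Warning ("Could not query: " + ($unreadable -join ', '))
    }

    # One chronological timeline across all logs.
    $events | Sort-Object TimeCreated
}

# Constructed sample window: the last five minutes.
$end   = Get-Date
$start = $end.AddMinutes(-5)
Get-EventsInWindow -StartTime $start -EndTime $end |
    Select-Object TimeCreated, LogName, Id, ProviderName, LevelDisplayName
```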