guyrleech

Get-WinEvent troubleshooting examples

Jun 28th, 2023
```powershell
## Various one-liners to get all events from all event logs/providers in given time ranges
## Further filtering can be applied via the grid view or by piping through Where-Object before Out-GridView

## Message can have line breaks (CR LF or LF), so replace those with a space to help show all text

Get-WinEvent -FilterHashtable @{ LogName = '*' ; StartTime = [datetime]::Now.AddMinutes( -5 ) } -Oldest -EA 0 | select timecreated,leveldisplayname,id,logname,providername,@{Name='Message';Expression={$_.Message -replace "`r?`n" , ' ' }}|Out-GridView

## Show only error or warning events in a given time window (e.g. logon) - use the date format for your locale

Get-WinEvent -FilterHashtable @{ LogName = '*' ; StartTime = "08:30 26/03/2023" ; EndTime = "08:45 26/03/2023" ; Level = 1,2,3 } -Oldest -EA 0 | select timecreated,leveldisplayname,id,logname,providername,@{Name='Message';Expression={$_.Message -replace "`r?`n" , ' ' }}|Out-GridView

## Show only error or warning events for today for Citrix event providers

Get-WinEvent -FilterHashtable @{ ProviderName = 'Citrix*' ; StartTime = [datetime]::Today ; Level = 1,2,3 } -Oldest -EA 0 | select timecreated,leveldisplayname,id,logname,providername,@{Name='Message';Expression={$_.Message -replace "`r?`n" , ' ' }}|Out-GridView

## Show only warnings/errors where "Citrix" is in the message text (can do this in a grid view too)

Get-WinEvent -FilterHashtable @{ LogName = '*' ; StartTime = [datetime]::Now.AddMinutes( -95 ) ; Level = 1,2,3 } -Oldest -EA 0 | select timecreated,leveldisplayname,id,logname,providername,@{Name='Message';Expression={$_.Message -replace "`r?`n" , ' ' }}|Where Message -match 'Citrix'|Out-GridView
```
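The one-liners above pass `-EA 0`, so a log that could not be read (for instance through lack of permissions) looks the same as a log with no matching events. The following is an added example, not part of the original paste: a hypothetical `Get-EventWindow` function (its name and parameters are assumptions) that queries each log separately, keeps the same output columns, and reports which logs were not read.

```powershell
# Added example; Get-EventWindow and its parameters are hypothetical names, not from the paste.
function Get-EventWindow {
    param(
        [Parameter(Mandatory)] [datetime] $StartTime,
        [datetime] $EndTime = [datetime]::Now,
        [int[]] $Level = @(1, 2, 3),       # 1 = Critical, 2 = Error, 3 = Warning
        [string] $MessagePattern = ''      # regex; the empty default matches every message
    )
    $unread = [System.Collections.Generic.List[object]]::new()

    # Only enabled logs that hold records are worth querying.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue -ErrorVariable listErrors |
        Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 }
    foreach ($e in $listErrors) {
        $unread.Add([pscustomobject]@{ LogName = '(log enumeration)'; Reason = $e.Exception.Message })
    }

    $events = foreach ($log in $logs) {
        $filter = @{ LogName = $log.LogName; StartTime = $StartTime; EndTime = $EndTime; Level = $Level }
        Get-WinEvent -FilterHashtable $filter -Oldest -ErrorAction SilentlyContinue -ErrorVariable failures |
            Select-Object TimeCreated, LevelDisplayName, Id, LogName, ProviderName,
                @{ Name = 'Message'; Expression = { $_.Message -replace '\r?\n', ' ' } } |
            Where-Object { $_.Message -match $MessagePattern }

        # "No events found" is the normal outcome for most logs; any other error means the log was not read.
        foreach ($failure in $failures) {
            if ($failure.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
                $unread.Add([pscustomobject]@{ LogName = $log.LogName; Reason = $failure.Exception.Message })
            }
        }
    }
    [pscustomobject]@{ Events = @($events | Sort-Object TimeCreated); UnreadLogs = $unread }
}

# Same window as the 08:30-08:45 example, built without a locale-dependent date string.
$start = Get-Date -Year 2023 -Month 3 -Day 26 -Hour 8 -Minute 30 -Second 0
$result = Get-EventWindow -StartTime $start -EndTime $start.AddMinutes(15)
$result.Events | Group-Object ProviderName, Id | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ Name = 'FirstSeen'; Expression = { $_.Group[0].TimeCreated } } |
    Format-Table -AutoSize
$result.UnreadLogs | Format-Table -AutoSize
```

An empty `UnreadLogs` table means every enabled log was actually searched; any row in it marks a gap in the timeline rather than an absence of events.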