Hi,
I want to extract the last log entry from the event log.
For example, I would like to get the last (newest) event ID 4672 in the event log (using PowerShell, not wevtutil),
so I should use Get-EventLog.
But the problem is that -Newest does not allow me to filter for the last one of one ID.
I tested these:
Get-EventLog "Security" -Newest 1 | Where-Object {$_.EventID -eq 4672}
but it just gets the last one and will display it if it is 4672,
and this one, which works but is very slow: it returns the first one (what I want) very soon, but the command is not finished until it has searched all over the logs:
Get-EventLog "Security" | Where-Object {$_.EventID -eq 4624} | Select-Object -Last 2
And I cannot use -Newest in it, because if for example I use -Newest 1000, maybe my wanted first event ID is the 1004th one.
Any help appreciated.
Payne is back
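
The lookup asked about above, as an added example that is not part of the original post: the event ID filter is passed to the log query itself, so the command returns as soon as the newest match is found instead of reading the whole Security log. The function name Get-LatestEvent and its parameters are hypothetical; Get-WinEvent, Get-EventLog and Select-Object are the standard cmdlets.

```powershell
# Added example: newest event(s) with a given ID, without scanning the whole log.
# Get-LatestEvent is a hypothetical helper name, not an existing cmdlet.
function Get-LatestEvent {
    [CmdletBinding()]
    param(
        [string]$LogName = 'Security',
        [Parameter(Mandatory)][int]$Id,
        [ValidateRange(1, 1000)][int]$Count = 1
    )

    # The hashtable filter is evaluated by the event log service, so only
    # matching records are returned. Get-WinEvent returns newest first by
    # default, and -MaxEvents ends the query after $Count matches.
    $filter = @{ LogName = $LogName; Id = $Id }
    try {
        Get-WinEvent -FilterHashtable $filter -MaxEvents $Count -ErrorAction Stop |
            Select-Object TimeCreated, Id, RecordId, MachineName, Message
    }
    catch {
        # Get-WinEvent raises an error, rather than returning nothing,
        # when no record matches the filter.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Verbose "No event $Id found in log '$LogName'."
            return
        }
        throw
    }
}

# Reading the Security log requires an elevated session.
Get-LatestEvent -Id 4672 | Format-List

# Get-EventLog variants (Windows PowerShell only).
# -InstanceId filters inside the cmdlet, so -Newest 1 applies to matches only:
Get-EventLog -LogName Security -InstanceId 4672 -Newest 1

# Get-EventLog emits newest first, and Select-Object -First (PowerShell 3.0+)
# stops the upstream command once it has its item; -Last must read every record.
Get-EventLog -LogName Security |
    Where-Object { $_.EventID -eq 4672 } |
    Select-Object -First 1
```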