Powershell 获取WinEvent-FilterHashTable,变量中有多个ID不起作用
这是我的工作:Powershell 获取WinEvent-FilterHashTable,变量中有多个ID不起作用,powershell,event-log,Powershell,Event Log,这是我的工作: Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = 4625,4740} 。。。。我期待的结果 这项工作: $EventId = "4625" Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId} 这不起作用: $EventId = "4625,4740" Get-WinEvent -Filt
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = 4625,4740}
$EventId = "4625"
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId}
$EventId = "4625,4740"
Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId}
Get-WinEvent : No events were found that match the specified selection criteria.
At line:1 char:13
+ Get-WinEvent <<<< -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventIds}
+ CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
有人能帮忙吗?在您的示例中,使用多个ID,您正在做两件不同的事情 $EventId=46254740定义一个字符串。您的工作示例使用定义为逗号分隔数字的整数数组 只需将其更改为$EventId=46254740,删除引号即可。看看下面的例子,我们看到:
所以它需要的是数组而不是字符串。谢谢Matt。效果很好。
-- ID=<Int32[]>