PowerShell脚本中的WMI事件筛选器查询
我正在尝试使用其他人编写的PowerShell脚本向SCCM服务器添加两个不同的WMI事件。我必须将两个事件查询合并为一个查询,但我不确定如何最好地执行。到目前为止,我已经尝试了很多不同的方法。代码如下:PowerShell脚本中的WMI事件筛选器查询,powershell,wmi,wql,Powershell,Wmi,Wql,我正在尝试使用其他人编写的PowerShell脚本向SCCM服务器添加两个不同的WMI事件。我必须将两个事件查询合并为一个查询,但我不确定如何最好地执行。到目前为止,我已经尝试了很多不同的方法。代码如下: Function WMI-InstanceFilter { # Function Started LogTraceMessage "*** Function WMI-InstanceFilter Started ***" Write-Verbose "*** Function WMI-Inst
Function WMI-InstanceFilter
{
# Function Started
LogTraceMessage "*** Function WMI-InstanceFilter Started ***"
Write-Verbose "*** Function WMI-InstanceFilter Started ***"
$PropertyHash = @{
QueryLanguage = "WQL";
Query = "";
Name = "Name";
EventNameSpace="root/sms/site_$($SiteCode)"
}
$Script:InstanceFilter = New-CimInstance -Namespace root/subscription -ClassName __EventFilter -Property $PropertyHash -Verbose -ErrorAction Stop
SELECT * FROM __InstanceOperationEvent Within 900 Where TargetInstance ISA 'SMS_Package' and TargetInstance.Name like 'drivers - %'"
SELECT * FROM __InstanceOperationEvent Within 300 Where TargetInstance ISA 'SMS_Package' and TargetInstance.Name like 'BIOS - %'"
最好的方法是什么?您在查询中处理的是WQL,并且只能有一个内值-请参阅,因此您必须选择300秒=5分钟或900秒=15分钟,或者在两者之间选择一个折衷值 您的组合SELECT语句如下所示
SELECT * FROM __InstanceOperationEvent WITHIN 900 WHERE TargetInstance ISA 'SMS_Package' AND TargetInstance.Name LIKE 'drivers - %' OR TargetInstance.Name LIKE 'BIOS - %'
Function WMI-InstanceFilter {
[CmdletBinding()]
param (
[ValidateSet('Bios', 'Drivers' )]
[string]$InstanceType
)
# Function Started
LogTraceMessage "*** Function WMI-InstanceFilter Started ***"
Write-Verbose "*** Function WMI-InstanceFilter Started ***"
switch ($InstanceType) {
'Bios' {
$query = "SELECT * FROM __InstanceOperationEvent Within 900 Where TargetInstance ISA 'SMS_Package' and TargetInstance.Name like 'drivers - %'"
}
'Drivers' {
$query = "SELECT * FROM __InstanceOperationEvent Within 300 Where TargetInstance ISA 'SMS_Package' and TargetInstance.Name like 'BIOS - %'"
}
}
$PropertyHash = @{
QueryLanguage = "WQL"
Query = $query
Name = "Name"
EventNameSpace="root/sms/site_$($SiteCode)"
}
$Script:InstanceFilter = New-CimInstance -Namespace root/subscription -ClassName __EventFilter -Property $PropertyHash -Verbose -ErrorAction Stop
}
SELECT * FROM __InstanceOperationEvent WITHIN 900 WHERE TargetInstance ISA 'SMS_Package' AND TargetInstance.Name LIKE 'drivers - %' OR TargetInstance.Name LIKE 'BIOS - %'
Function WMI-InstanceFilter {
[CmdletBinding()]
param (
[ValidateSet('Bios', 'Drivers' )]
[string]$InstanceType
)
# Function Started
LogTraceMessage "*** Function WMI-InstanceFilter Started ***"
Write-Verbose "*** Function WMI-InstanceFilter Started ***"
switch ($InstanceType) {
'Bios' {
$query = "SELECT * FROM __InstanceOperationEvent Within 900 Where TargetInstance ISA 'SMS_Package' and TargetInstance.Name like 'drivers - %'"
}
'Drivers' {
$query = "SELECT * FROM __InstanceOperationEvent Within 300 Where TargetInstance ISA 'SMS_Package' and TargetInstance.Name like 'BIOS - %'"
}
}
$PropertyHash = @{
QueryLanguage = "WQL"
Query = $query
Name = "Name"
EventNameSpace="root/sms/site_$($SiteCode)"
}
$Script:InstanceFilter = New-CimInstance -Namespace root/subscription -ClassName __EventFilter -Property $PropertyHash -Verbose -ErrorAction Stop
}
您可以这样组合名称查询:TargetInstance.name类似于“drivers-%”或TargetInstance.name类似于“BIOS-%”。但是,我不认为您可以组合计时,因此您需要为INSTEIN子句选择一个持续时间,因为它现在是一个查询。不,不必同时执行这些操作,只是不确定是否有其他方法可以执行。参数驱动的switch语句是什么样子的?让我知道,我会接受你的答案。我已经在应答器中添加了一个可能的函数,尝试运行你编写的内容,但它不起作用,日志文件说变量ErrorMessage设置为System.ArgumentException:无法从提供的.NET对象推断CimType。查询是否在函数之外运行?你能手动创建是吗?不是。新CimInstance:无法从提供的.NET对象推断CimType。