Have you ever wanted to find out a list of various event ID’s and output them to a file?
Have you ever wanted to know about resource exhaustion events, Event ID 2004?
Have you wanted to know when your server was restarted? For example, Event ID 6005, the event log service started (this happens when the server starts)
The powershell to find this is a one-liner, as follows:
Get-EventLog -LogName "System" | where-object {$_.EventID -eq 6005} | select MachineName, TimeGenerated, Source, Message
If you wanted to find this out about all your SharePoint Servers in your farm, you could run these lines:
$spservers=Get-SPServer | where{$_.Role -ne “Invalid”} foreach($spserver in $spservers) { $filename=$spserver.name Get-EventLog -LogName "System" | where-object {$_.EventID -eq 6005} | select MachineName, TimeGenerated, Source, Message }
Here’s a nice Microsoft Developer Network Article that lists out a few Event ID’s and a rough idea of what they mean: https://msdn.microsoft.com/en-us/library/windows/desktop/aa368560(v=vs.85).aspx
Here’s another list that is a bit more inclusive: https://technet.microsoft.com/en-us/library/dd639409.aspx But, as you can see by navigating to the Event ID page for Event ID 10016, that list is not all inclusive.
To output this to a file, you would just need to append | out-file c:\path to file\filename.txt to the one-liner
e.g.
Get-EventLog -LogName "System" | where-object {$_.EventID -eq 6005} | select MachineName, TimeGenerated, Source, Message | out-file c:\LoggingDirectory\Event6005.txt
Remember to always have fun troubleshooting and sometimes it can be an easter egg hunt.
You must be logged in to post a comment.