Yet Another Windows Event Log Record Expander
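function Convert-EventLogRecord {
    <#
    .SYNOPSIS
        Flattens Windows event log records into objects whose EventData fields are exposed as a dictionary.
    .DESCRIPTION
        Parses the XML rendering of each EventLogRecord (as returned by Get-WinEvent) and collects the
        <Data> elements under Event/EventData into an ordered dictionary keyed by their Name attribute.
        <Data> elements that carry no Name attribute get a positional key (Data0, Data1, ...) instead of
        aborting the conversion with a null-key error. Events that use UserData rather than EventData
        yield an empty Data dictionary; the unmodified record is always kept in RecordEntry.
    .PARAMETER InputObject
        One or more System.Diagnostics.Eventing.Reader.EventLogRecord objects, from the pipeline or
        passed directly.
    .OUTPUTS
        PSCustomObject with Computername, LogName, RecordType, TimeCreated, EventID, RecordID,
        Keywords, Source, Message, Data and RecordEntry properties.
    .EXAMPLE
        Get-WinEvent -FilterHashtable @{LogName='Security';Id=4624} -MaxEvents 5 | Convert-EventLogRecord
    #>
    [cmdletbinding()]
    [alias('clr','Format-EventLogRecord')]
    param (
        [Parameter(Position=0,Mandatory,ValueFromPipeline)]
        [ValidateNotNullOrEmpty()]
        [alias('logrecord','events')]
        [System.Diagnostics.Eventing.Reader.EventLogRecord[]]$InputObject
    )
    process {
        foreach ($record in $InputObject) {
            $data = [ordered]@{}
            $position = 0
            # ToXml() returns the rendering the Event Log service produced for this record.
            # The field values inside it are provider-supplied text (account names, paths,
            # command lines); treat them as untrusted when they are later used in filters,
            # queries or generated output.
            foreach ($item in ([xml]$record.ToXml()).Event.EventData.Data) {
                if ($item -is [System.Xml.XmlElement]) {
                    $name  = $item.GetAttribute('Name')
                    $value = $item.'#text'
                }
                else {
                    # A <Data> element with no attributes is surfaced by PowerShell's XML
                    # adapter as a plain string, so there is no Name attribute to read.
                    $name  = $null
                    $value = [string]$item
                }
                # An ordered dictionary rejects a null key; a positional key keeps older,
                # unnamed EventData layouts convertible instead of failing the whole record.
                if ([string]::IsNullOrEmpty($name)) {
                    $name = "Data$position"
                }
                # Last value wins when a provider repeats the same Name within one event.
                $data[$name] = $value
                $position++
            }
            [pscustomobject]@{
                Computername = $record.MachineName
                LogName      = $record.LogName
                RecordType   = $record.LevelDisplayName
                TimeCreated  = $record.TimeCreated
                EventID      = $record.Id
                RecordID     = $record.RecordID
                Keywords     = $record.KeywordsDisplayNames
                Source       = $record.ProviderName
                Message      = $record.Message
                Data         = $data
                RecordEntry  = $record
            }
        }
    }
} # END Convert-EventLogRecord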