1
votes

I have a couple of servers I want to get the event log data from. All I want is, on a daily basis, each event grouped by event ID and the number of times the event occurred. The information is then stored in a CSV file that is sent to me via email. I am able to get this information into a CSV file but cannot seem to find a way to remove the type information, even if I include -NoTypeInformation. I have made various modifications to how the data is presented, with no luck, but if I export it to a txt file it seems to come out fine. Please recommend a solution. I know the Get-EventLog statements have 2 Export-Csv statements at this time; that is because I was trying a post from an example I saw online.

$hostname = hostname
$Filecsv = new-item -type file -path "c:\PowershellData\$hostname$(get-date -format hhmmddss).csv"

#$Filetxt = new-item -type file -path "c:\PowershellData\$hostname$(get-date -format hhmmddss).txt"
$yesterday = [DateTime]::Today.AddDays(-1).AddHours(00)
$Today = [DateTime]::Today.AddDays(-1).AddHours(24)

#Get-Eventlog -Logname Application | Where-Object {$_.Timegenerated -ge (Get-Date).AddDate(-1)} | Export-Csv Temp.csv -Encoding Unicode
#[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 

#$applog = 
get-eventlog -log application -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement | export-csv Temp.csv -NoTypeInformation -Delimiter "," -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 


get-eventlog -log System -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement  | Export-Csv Temp.csv -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 
get-eventlog -log security -after $yesterday  -before $Today| group-object -property {$_.EventID} -noelement  | Export-Csv Temp.csv -Encoding Unicode
[System.IO.File]::ReadAllText("Temp.csv") | Out-File $Filecsv -Append -Encoding Unicode 

$CredUser = "[email protected]"
$CredPassword = Read-host "What is your password?" # -AsSecureString
$smtpServer = "smtp.ExchangeServer.com"
$smtp = new-object Net.Mail.SmtpClient($smtpServer, 587)
$att = new-object Net.Mail.Attachment($Filecsv)
$msg = new-object Net.Mail.MailMessage
$msg.From = "[email protected]"
$msg.To.Add("[email protected]")
$msg.Subject = "$hostname Server Event logs Information $yesterday  to $today"
$msg.Body = "Event logs. "
$msg.Attachments.Add($att)
$smtp.EnableSsl = $true 
$smtp.Credentials = New-Object System.Net.NetworkCredential($CredUser, $CredPassword);
$smtp.Send($msg)
$att.Dispose()

3 Answers

0
votes

If you just want the total numbers from all logs you could do it like this:

$csv   = "C:\PowershellData\$env:COMPUTERNAME$(Get-Date -Format hhmmddss).csv"
$today = (Get-Date).Date
$logs  = 'Application', 'System', 'Security'

$logs | % { Get-Eventlog -Log $_ -After $today.AddDays(-1) -Before $today } `
  | group EventID `
  | select @{n='EventID';e={[int]($_.Name)}}, Count `
  | sort @{e='Count';d=$true}, @{e='EventID';d=$false} `
  | Export-Csv $csv -NoType

If you want the numbers per log, I'd include the log name in the result:

$csv   = "C:\PowershellData\$env:COMPUTERNAME$(Get-Date -Format hhmmddss).csv"
$today = (Get-Date).Date
$logs  = 'Application', 'System', 'Security'

$logs | % {
  $log = $_
  Get-Eventlog -Log $log -After $today.AddDays(-1) -Before $today `
    | group EventID `
    | select @{n='Log';e={$log}}, @{n='EventID';e={[int]($_.Name)}}, Count `
    | sort @{e='Count';d=$true}, @{e='EventID';d=$false}
} | Export-Csv $csv -NoType
0
votes

This will create 3 csv files, one per log file:

'application','system','security' | foreach{
    get-eventlog -log $_ -After ([datetime]::today) | 
    group eventid -noel | sort count -desc | 
    export-csv "eventLog_$_.csv" -notype
}
0
votes

If I'm reading the question right, I think this might work:

$Today = Get-Date
$yesterday = (Get-Date).AddDays(-1)

filter hash-events 
 { $Event_ht[$_.EventID]++ }

foreach ($log in 'System','Application','Security')
   {
    $Event_ht = @{}
    get-eventlog -logname $log -after $yesterday  -before $Today | hash-events

    $(foreach ($EventID in $Event_ht.keys)
      {
        [PSCustomObject]@{EventID = $EventID;Count=$Event_ht[$EventID]}
      }) | 
           Export-Csv "$log.csv" -NoTypeInformation
  }

The filter is admittedly a little unconventional, but it's faster in the pipeline than foreach-object.
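
An added example, not taken from any of the answers above: the per-log daily count written with Get-WinEvent in place of Get-EventLog (a swapped-in cmdlet; Get-EventLog is not available in PowerShell 7), handling a log that has no events in the window or cannot be read without elevation. The output directory comes from the question's script and is assumed to exist; the file-name format is an assumption.

```powershell
# Added example; paths and file-name format are assumptions, not the asker's final script.
$csv   = "C:\PowershellData\$env:COMPUTERNAME-$(Get-Date -Format yyyyMMdd).csv"
$end   = (Get-Date).Date      # today 00:00
$start = $end.AddDays(-1)     # yesterday 00:00
$logs  = 'Application', 'System', 'Security'

$rows = foreach ($log in $logs) {
    $counts = @{}
    try {
        # The time window is part of the event log query itself, so only
        # matching records are handed to the pipeline.
        $filter = @{ LogName = $log; StartTime = $start; EndTime = $end }
        Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object { $counts[$_.Id]++ }
    }
    catch {
        # Get-WinEvent reports an error when nothing matches the filter and
        # when the log is not readable (the Security log needs elevation).
        # Record it and move on instead of aborting the whole report.
        Write-Warning "${log}: $($_.Exception.Message)"
        continue
    }

    # One row per event ID, tagged with the log it came from.
    foreach ($id in $counts.Keys) {
        [PSCustomObject]@{ Log = $log; EventID = $id; Count = $counts[$id] }
    }
}

if ($rows) {
    # A single Export-Csv call writes one header row and, with
    # -NoTypeInformation, no "#TYPE" line.
    $rows |
        Sort-Object Log, @{ Expression = 'Count'; Descending = $true }, EventID |
        Export-Csv -Path $csv -NoTypeInformation -Encoding Unicode
}
else {
    Write-Warning "No events collected between $start and $end; no CSV written."
}
```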