Using Get-WinEvent to Retrieve Events within a Specific Time Period

Copper Contributor

Does anyone know if it is possible to define a time range when using Get-WinEvent in PowerShell? It appears to work when specifying StartTime, but encounters issues when setting both StartTime and EndTime.

 

Working example:

```powershell

Get-WinEvent -FilterHashTable @{'LogName' = 'Application'; 'StartTime' = Get-Date "November 26, 2023 14:00:00"; }

```

 

Encountering issues:

```powershell

Get-WinEvent -FilterHashTable @{'LogName' = 'Application'; 'StartTime' = Get-Date "November 26, 2023 14:00:00"; 'EndTime' = Get-Date "November 26, 2023 14:01:00"}

Get-WinEvent : No events were found that match the specified selection criteria.

At line:1 char:1

+ Get-WinEvent -FilterHashTable @{LogName='Application';StartTime='01/0 ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception

+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

```

4 Replies
Example Script
# Define the start and end times for the event filtering
$startTime = Get-Date "2023-10-01 00:00:00"
$endTime = Get-Date "2023-10-31 23:59:59"
# Define the event log to search (e.g., 'System' or 'Application')
$logName = "System"
# Create a filter hashtable with the specified time range
$filterHashtable = @{
LogName = $logName
StartTime = $startTime
EndTime = $endTime
}
# Get the events using the filter
$events = Get-WinEvent -FilterHashtable $filterHashtable
# Display the events
$events | Format-Table -Property TimeCreated, Id, Message -AutoSize
The Get-WinEvent cmdlet allows you to filter events based on a variety of criteria, including time, but the way it handles StartTime and EndTime is dependent on the specific format and the events being logged.

If you still encounter issues, check if the Windows Event Log contains events in that specific time range and if the time zone settings are correct, as this may affect the results.