Get-ServiceEvent
SYNOPSIS
This function queries the specified system for Service Control Manager events covering service operations and service stop and start events. You can then filter the results on a particular service name or service display name.
SYNTAX
Get-ServiceEvent [[-ComputerName] <String[]>] [[-Credential] <PSCredential>] [[-StartTime] <DateTime>]
[[-EndTime] <DateTime>] [[-MaxEvents] <Int64>] [-Oldest] [-Raw] [<CommonParameters>]
DESCRIPTION
This function queries the specified system for Service Control Manager events covering service operations and service stop and start events. You can then filter the results on a particular service name or service display name.
EXAMPLES
Example 1
PS C:\> (Get-ServiceEvent).Where({$_.ServiceDisplayName -match "print"}) | Select-Object -Property TimeCreated,EventType,ServiceName,ServiceDisplayName,Message

TimeCreated : 9/12/2017 9:41:27 PM
EventType : ServiceOperations
ServiceName :
ServiceDisplayName : Printer Extensions and Notifications
Message : The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

TimeCreated : 10/3/2017 10:42:18 PM
EventType : ServiceOperations
ServiceName : Spooler
ServiceDisplayName : Print Spooler
Message : The start type of the Print Spooler service was changed from auto start to demand start.

TimeCreated : 10/3/2017 10:42:20 PM
EventType : ServiceOperations
ServiceName : Spooler
ServiceDisplayName : Print Spooler
Message : The start type of the Print Spooler service was changed from demand start to auto start.
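
Start type changes such as the two Print Spooler records in Example 1 are easier to review when reduced to one row per service. The following is an added example, not part of this function's own documentation: Get-StartTypeChange is a hypothetical helper, the sample records are constructed (the first is abbreviated from Example 1 and the last is invented), and the pattern assumes the English message wording shown above.

```powershell
# Hypothetical helper, not part of Get-ServiceEvent: extracts start type
# transitions from the English Message text shown in Example 1.
function Get-StartTypeChange {
    param([Parameter(ValueFromPipeline)][psobject]$InputObject)
    begin {
        $pattern = '^The start type of the (?<svc>.+) service was changed from (?<old>.+?) to (?<new>.+?)\.$'
    }
    process {
        # Records that are not start type changes (for example the
        # interactive-service warning) do not match and are skipped.
        if ($InputObject.Message -match $pattern) {
            [pscustomobject]@{
                TimeCreated  = $InputObject.TimeCreated
                Service      = $Matches['svc']   # display name; ServiceName can be empty
                OldStartType = $Matches['old']
                NewStartType = $Matches['new']
            }
        }
    }
}

# Constructed sample records shaped like the Example 1 output. On a live system,
# replace this array with the function's output, for example:
#   $events = Get-ServiceEvent -StartTime (Get-Date).AddDays(-7) -Oldest
$events = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2017-09-12T21:41:27'
        Message = 'The Printer Extensions and Notifications service is marked as an interactive service.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2017-10-03T22:42:18'
        Message = 'The start type of the Print Spooler service was changed from auto start to demand start.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2017-10-03T22:42:20'
        Message = 'The start type of the Print Spooler service was changed from demand start to auto start.' }
    [pscustomobject]@{ TimeCreated = [datetime]'2017-10-04T08:15:00'   # invented record
        Message = 'The start type of the Example Agent service was changed from auto start to disabled.' }
)

# One row per service: how often the start type changed and whether the final
# start type differs from the one it had before the first change.
$events | Sort-Object TimeCreated | Get-StartTypeChange | Group-Object Service | ForEach-Object {
    $first = $_.Group[0]; $last = $_.Group[-1]
    [pscustomobject]@{
        Service   = $_.Name
        Changes   = $_.Count
        From      = $first.OldStartType
        To        = $last.NewStartType
        NetChange = $first.OldStartType -ne $last.NewStartType
        LastSeen  = $last.TimeCreated
    }
}
```

A service with several changes but no net change was switched and then restored, as the Print Spooler records in Example 1 show; a net change to a different start type is the case to check against planned maintenance.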
PARAMETERS
-ComputerName
Gets events from the event logs on the specified computer(s). Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.
Type: String[]
Parameter Sets: (All)
Aliases: IPAddress, __Server, CN
Required: False
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName, ByValue)
Accept wildcard characters: False
-Credential
Specifies a user account that has permission to perform this action. The default value is the current user.
Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.
Type: PSCredential
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-EndTime
Specifies the end of the time period for the event log query.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-MaxEvents
Specifies the maximum number of events this function returns. Enter an integer. The default is to return all the events in the logs.
Type: Int64
Parameter Sets: (All)
Aliases:
Required: False
Position: 4
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Oldest
Returns the events in oldest-first order. By default, events are returned in newest-first order.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
-StartTime
Specifies the beginning of the time period for the event log query.
Type: DateTime
Parameter Sets: (All)
Aliases:
Required: False
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Raw
Use this switch to have the function output the raw event log record.
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).