adamori · December 26, 2022 01:01 · adamori · Dec 25, 2022
diff --git a/powershellevents.ps1 b/powershellevents.ps1
 # Prompt user to input start date, end date, and file name
 # If no value is provided, use default values
 if (!($startDate = Read-Host "Enter the start date (yyyy-mm-dd) [2022-12-01]")) { $startDate = "2022-12-01" }
 if (!($endDate = Read-Host "Enter the end date (yyyy-mm-dd) [2022-12-31]")) { $endDate = "2022-12-31" }
 if (!($fileName = Read-Host "Enter the file name [output.txt]")) { $fileName = "output.txt" }

 $startTimeXPath = (Get-Date $startDate).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')
 $endTimeXPath = (Get-Date $endDate).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')

 # Set filters to retrieve events with Level 1 or 2 severity from specified date range
 $levelFilter = "*[System[(Level=1 or Level=2)]]"
 $timeFilter = "*[System[(TimeCreated[@SystemTime >= '$startTimeXPath'] and TimeCreated[@SystemTime <= '$endTimeXPath'])]]"

 $events = Get-WinEvent -LogName System -FilterXPath "$levelFilter and $timeFilter" -ErrorAction SilentlyContinue

 $eventGroups = $events | Group-Object Id, ProviderName
 $eventGroups = $eventGroups | Sort-Object Count -Descending

 foreach ($eventGroup in $eventGroups) {
    $eventId = $eventGroup.Name.Split(',')[0].Trim()
    $eventName = $eventGroup.Name.Split(',')[1].Trim()
    "[$($eventId)] [$($eventName)]`n" | Out-File $fileName -Append
    foreach($event in $eventGroup.Group) {
        $eventMessage = $event.Message -replace "`n", " " -replace "`r", " "
        "`t[$($event.TimeCreated)] [$($eventMessage)]`n" | Out-File $fileName -Append
    }
 }
	# Prompt user to input start date, end date, and file name
	# If no value is provided, use default values
	if (!($startDate = Read-Host "Enter the start date (yyyy-mm-dd) [2022-12-01]")) { $startDate = "2022-12-01" }
	if (!($endDate = Read-Host "Enter the end date (yyyy-mm-dd) [2022-12-31]")) { $endDate = "2022-12-31" }
	if (!($fileName = Read-Host "Enter the file name [output.txt]")) { $fileName = "output.txt" }

	$startTimeXPath = (Get-Date $startDate).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')
	$endTimeXPath = (Get-Date $endDate).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffffffZ')

	# Set filters to retrieve events with Level 1 or 2 severity from specified date range
	$levelFilter = "*[System[(Level=1 or Level=2)]]"
	$timeFilter = "*[System[(TimeCreated[@SystemTime >= '$startTimeXPath'] and TimeCreated[@SystemTime <= '$endTimeXPath'])]]"

	$events = Get-WinEvent -LogName System -FilterXPath "$levelFilter and $timeFilter" -ErrorAction SilentlyContinue

	$eventGroups = $events \| Group-Object Id, ProviderName
	$eventGroups = $eventGroups \| Sort-Object Count -Descending

	foreach ($eventGroup in $eventGroups) {
	$eventId = $eventGroup.Name.Split(',')[0].Trim()
	$eventName = $eventGroup.Name.Split(',')[1].Trim()
	"[$($eventId)] [$($eventName)]`n" \| Out-File $fileName -Append
	foreach($event in $eventGroup.Group) {
	$eventMessage = $event.Message -replace "`n", " " -replace "`r", " "
	"`t[$($event.TimeCreated)] [$($eventMessage)]`n" \| Out-File $fileName -Append
	}
	}