How to query User field in 2008R2 app log?

1 reply

Last post Mar 20, 2017 03:40 PM by fab777

  • How to query User field in 2008R2 app log?

    Mar 20, 2017 03:23 PM|jake20

    Does anyone know how to extract the "User:" field from server 2008R2 application event log?

    The data is not in the "Strings" field like in the SEC log. It's below the strings field on the "General" tab of the app event log entry.

    Any help is really appreciated here.

    thanks

  • Re: How to query User field in 2008R2 app log?

    Mar 20, 2017 03:40 PM|fab777

    Hi,

    As always, PowerShell (and .NET) can do that. Not sure you can filter on the username with Get-EventLog, but sure you can do it like this:

    ([System.Diagnostics.EventLog]::GetEventLogs() | ? {$_.log -like 'Application'} ).entries | where {$_.Username -eq 'THE_USER_U_WANNA_FILTER_ON'}

    This message is provided "AS IS" with no warranties... But you can still mark it as answer if it's helped you.
    Fabrice ZERROUKI
    Wanna chill out? Here: JAHSound.net
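
Added example, not part of the original thread: the same lookup done with Get-WinEvent, which matches on the event's user SID in the query itself instead of enumerating every entry and filtering afterwards. The function name and the account 'CONTOSO\jdoe' are placeholders chosen for illustration.

```powershell
# Added example (not from the thread). 'CONTOSO\jdoe' is a placeholder account.
function Get-AppLogEventsByUser {
    param(
        [Parameter(Mandatory = $true)][string]$Account,
        [string]$LogName = 'Application',
        [int]$MaxEvents = 200
    )

    # The "User:" value shown on the General tab is recorded with the event
    # as a SID, so resolve the account name to its SID first.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])

    # UserID is a supported -FilterHashtable key; only matching events come back.
    # Get-WinEvent raises an error when nothing matches, so suppress it and
    # let the pipeline return nothing in that case.
    $filter = @{ LogName = $LogName; UserID = $sid.Value }

    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName,
            @{ Name = 'UserSid'; Expression = { $_.UserId.Value } },
            @{ Name = 'User';    Expression = { $Account } },
            Message
}

# Usage: list the most recent Application log events recorded for one account.
Get-AppLogEventsByUser -Account 'CONTOSO\jdoe' |
    Sort-Object TimeCreated -Descending |
    Format-Table TimeCreated, Id, ProviderName, User -AutoSize
```

Events written without a user context have an empty User field and are never returned by this filter.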