HelpCache/Microsoft.PowerShell.Commands.Diagnostics.dll-help.xml
|
<?xml version = "1.0" encoding = "utf-8" ?>
<helpItems schema="maml"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Export-Counter</command:name><maml:description><maml:para>The Export-Counter cmdlet takes PerformanceCounterSampleSet objects and exports them as counter log files.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Export</command:verb><command:noun>Counter</command:noun><dev:version /></command:details><maml:description><maml:para>The Export-Counter cmdlet exports performance counter data (PerformanceCounterSampleSet objects) to log files in binary performance log (.blg), comma-separated value (.csv), or tab-separated value (.tsv) format. You can use this cmdlet to log or relog performance counter data.</maml:para><maml:para>Export-Counter is designed to export data that is returned by the Get-Counter and Import-Counter cmdlets.</maml:para><maml:para>Note: Export-Counter runs only on Windows 7, Windows Server 2008 R2, and later versions of Windows.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Export-Counter</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path and file name of the output file. Enter a relative or absolute path on the local computer, or a Uniform Naming Convention (UNC) path to a remote computer, such as \\Computer\Share\file.blg. This parameter is required.</maml:para><maml:para>Note: The file format is determined by the value of the FileFormat parameter, not by the file name extension in the path.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Circular</maml:name><maml:description><maml:para>Indicates that output file should be a circular log with first in, first out (FIFO) format. When you include this parameter, the MaxSize parameter is required.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>FileFormat</maml:name><maml:description><maml:para>Specifies the output format of the output log file. Valid values are CSV, TSV, and BLG. The default value is BLG.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Overwrites and replaces an existing file if one exists in the location specified by the Path parameter.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MaxSize</maml:name><maml:description><maml:para>Specifies the maximum size of the output file.</maml:para><maml:para>If the Circular parameter is specified, then when the log file reaches the specified maximum size, the oldest entries are deleted as newer ones are added. If the Circular parameter is not specified, then when the log file reaches the specified maximum size, no new data is added and the cmdlet generates a non-terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">UInt32</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the counter data to export. Enter a variable that contains the data or a command that gets the data, such as a Get-Counter or Import-Counter command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">PerformanceCounterSampleSet[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Circular</maml:name><maml:description><maml:para>Indicates that output file should be a circular log with first in, first out (FIFO) format. When you include this parameter, the MaxSize parameter is required.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>FileFormat</maml:name><maml:description><maml:para>Specifies the output format of the output log file. Valid values are CSV, TSV, and BLG. The default value is BLG.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>BLG</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Overwrites and replaces an existing file if one exists in the location specified by the Path parameter.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>InputObject</maml:name><maml:description><maml:para>Specifies the counter data to export. Enter a variable that contains the data or a command that gets the data, such as a Get-Counter or Import-Counter command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">PerformanceCounterSampleSet[]</command:parameterValue><dev:type><maml:name>PerformanceCounterSampleSet[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>MaxSize</maml:name><maml:description><maml:para>Specifies the maximum size of the output file.</maml:para><maml:para>If the Circular parameter is specified, then when the log file reaches the specified maximum size, the oldest entries are deleted as newer ones are added. If the Circular parameter is not specified, then when the log file reaches the specified maximum size, no new data is added and the cmdlet generates a non-terminating error.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">UInt32</command:parameterValue><dev:type><maml:name>UInt32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the path and file name of the output file. Enter a relative or absolute path on the local computer, or a Uniform Naming Convention (UNC) path to a remote computer, such as \\Computer\Share\file.blg. This parameter is required.</maml:para><maml:para>Note: The file format is determined by the value of the FileFormat parameter, not by the file name extension in the path.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name> Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe performance counter data from Get-Counter or Import-Counter to Export-Counter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para></maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>The log file generator expects that all input objects have the same counter path and that the objects are arranged in ascending time order.</maml:para><maml:para>The counter type and path of the first input object determines the properties recorded in the log file. If other input objects do not have a value for a recorded property, the property field is empty. If the objects have property values that were not recorded, the extra property values are ignored.</maml:para><maml:para>Performance Monitor might not be able to read all logs that Export-Counter generates. For example, Performance Monitor requires that all objects have the same path and that all objects are separated by the same time interval.</maml:para><maml:para>The Import-Counter cmdlet does not have a ComputerName parameter. However, if the computer is configured for Windows PowerShell remoting, you can use the Invoke-Command cmdlet to run an Import-Counter command on a remote computer.</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Counter "\Processor(*)\% Processor Time" | Export-Counter -Path $home\Counters.blg </dev:code><dev:remarks><maml:para>This command exports counter data to a .blg file.</maml:para><maml:para>The command uses the Get-Counter cmdlet to collect processor time data. It uses a pipeline operator (|) to send the data to the Export-Counter cmdlet. The Export-Counter command uses the Path variable to specify the output file.</maml:para><maml:para>Because the data set might be very large, this command sends the data to Export-Counter through the pipeline. If the data were saved in a variable, the command might use a disproportionate amount of memory.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the built-in Windows PowerShell conversion feature to store the value of 1 gigabyte (GB) in bytes in the $1GBInBytes variable. When you type a value followed by K (kilobyte), MB (megabyte), or GB, Windows PowerShell returns the value in bytes. PS C:\>$1GBInBytes = 1GB The second command uses the Import-Counter cmdlet to import performance counter data from the Threads.csv file. The example presumes that this file was previously exported by using the Export-Counter cmdlet. A pipeline operator (|) sends the imported data to the Export-Counter cmdlet. The command uses the Path parameter to specify the location of the output file. It uses the Circular and MaxSize parameters to direct Export-Counter to create a circular log that wraps at 1 GB. PS C:\>Import-Counter Threads.csv | Export-Counter -Path ThreadTest.blg -Circular -MaxSize $1GBinBytes </dev:code><dev:remarks><maml:para>These commands convert a CSV file to a counter data BLG format.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Get-Counter cmdlet to collect working set counter data from Server01, a remote computer. The command saves the data in the $c variable. PS C:\>$c = Get-Counter -ComputerName Server01 -Counter "\Process(*)\Working Set - Private" -MaxSamples 20 The second command uses a pipeline operator (|) to send the data in $c to the Export-Counter cmdlet, which saves it in the Workingset.blg file in the Perf share of the Server01 computer. PS C:\>$c | Export-Counter -Path \\Server01\Perf\WorkingSet.blg </dev:code><dev:remarks><maml:para>This example shows how to get performance counter data from a remote computer and save the data in a file on the remote computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Import-Counter cmdlet to import performance counter data from the DiskSpace.blg log. It saves the data in the $All variable. This file contains samples of the "LogicalDisk\% Free Space" counter on more than 200 remote computers in the enterprise. PS C:\>$All = Import-Counter DiskSpace.blg The second command uses the CounterSamples property of the sample set object in $All and the Where-Object cmdlet (alias = "where") to select objects with CookedValues of less than 15 (percent). The command saves the results in the $LowSpace variable. PS C:\>$LowSpace = $All.CounterSamples | where {$_.CookedValues -lt 15} The third command uses a pipeline operator (|) to send the data in the $LowSpace variable to the Export-Counter cmdlet. The command uses the Path parameter to indicate that the selected data should be logged in the LowDiskSpace.blg file. PS C:\>$LowSpace | Export-Counter -Path LowDiskSpace.blg </dev:code><dev:remarks><maml:para>This example shows how to use the Import-Counter and Export-Counter cmdlets to re-log existing data.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289624</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-Counter</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Import-Counter</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-Counter</command:name><maml:description><maml:para>Gets performance counter data from local and remote computers.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>Counter</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-Counter cmdlet gets live, real-time performance counter data directly from the performance monitoring instrumentation in Windows. You can use it to get performance data from the local or remote computers at the sample interval that you specify.</maml:para><maml:para>Without parameters, a "Get-Counter" command gets counter data for a set of system counters.</maml:para><maml:para>You can use the parameters of Get-Counter to specify one or more computers, to list the performance counter sets and the counters that they contain, and to set the sample size and interval.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-Counter</maml:name><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>Counter</maml:name><maml:description><maml:para>Gets data from the specified performance counters. Enter one or more counter paths. Wildcards are permitted only in the Instance value. You can also pipe counter path strings to Get-Counter.</maml:para><maml:para>Each counter path has the following format:</maml:para><maml:para>"[\\<ComputerName>]\<CounterSet>(<Instance>)\<CounterName>"</maml:para><maml:para>For example:</maml:para><maml:para>"\\Server01\Processor(2)\% User Time"</maml:para><maml:para>The <ComputerName> element is optional. If you omit it, Get-Counter uses the value of the ComputerName parameter.</maml:para><maml:para>Note: To get correctly formatted counter paths, use the ListSet parameter to get a performance counter set. The Paths and PathsWithInstances properties of each performance counter set contain the individual counter paths formatted as a string. You can save the counter path strings in a variable or pipe the string directly to another Get-Counter command. For a demonstration, see the examples.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases="Cn"><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets data from the specified computers. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain names of the computers. The default value is the local computer.</maml:para><maml:para>Note: Get-Counter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Counter even if your computer is not configured for remoting in Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Continuous</maml:name><maml:description><maml:para>Gets samples continuously until you press CTRL+C. By default, Get-Counter gets only one counter sample. You can use the SampleInterval parameter to set the interval for continuous sampling.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxSamples</maml:name><maml:description><maml:para>Specifies the number of samples to get from each counter. The default is 1 sample. To get samples continuously (no maximum sample size), use the Continuous parameter.</maml:para><maml:para>To collect a very large data set, consider running a Get-Counter command as a Windows PowerShell background job. For more information, see about_Jobs and Start-Job.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>SampleInterval</maml:name><maml:description><maml:para>Specifies the time between samples in seconds. The minimum value and the default value are 1 second.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-Counter</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>ListSet</maml:name><maml:description><maml:para>Gets the specified performance counter sets on the computers. Enter the names of the counter sets. Wildcards are permitted. You can also pipe counter set names to Get-Counter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases="Cn"><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets data from the specified computers. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain names of the computers. The default value is the local computer.</maml:para><maml:para>Note: Get-Counter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Counter even if your computer is not configured for remoting in Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases="Cn"><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets data from the specified computers. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain names of the computers. The default value is the local computer.</maml:para><maml:para>Note: Get-Counter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-Counter even if your computer is not configured for remoting in Windows PowerShell.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>Local computer</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Continuous</maml:name><maml:description><maml:para>Gets samples continuously until you press CTRL+C. By default, Get-Counter gets only one counter sample. You can use the SampleInterval parameter to set the interval for continuous sampling.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>Counter</maml:name><maml:description><maml:para>Gets data from the specified performance counters. Enter one or more counter paths. Wildcards are permitted only in the Instance value. You can also pipe counter path strings to Get-Counter.</maml:para><maml:para>Each counter path has the following format:</maml:para><maml:para>"[\\<ComputerName>]\<CounterSet>(<Instance>)\<CounterName>"</maml:para><maml:para>For example:</maml:para><maml:para>"\\Server01\Processor(2)\% User Time"</maml:para><maml:para>The <ComputerName> element is optional. If you omit it, Get-Counter uses the value of the ComputerName parameter.</maml:para><maml:para>Note: To get correctly formatted counter paths, use the ListSet parameter to get a performance counter set. The Paths and PathsWithInstances properties of each performance counter set contain the individual counter paths formatted as a string. You can save the counter path strings in a variable or pipe the string directly to another Get-Counter command. For a demonstration, see the examples.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>ListSet</maml:name><maml:description><maml:para>Gets the specified performance counter sets on the computers. Enter the names of the counter sets. Wildcards are permitted. You can also pipe counter set names to Get-Counter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxSamples</maml:name><maml:description><maml:para>Specifies the number of samples to get from each counter. The default is 1 sample. To get samples continuously (no maximum sample size), use the Continuous parameter.</maml:para><maml:para>To collect a very large data set, consider running a Get-Counter command as a Windows PowerShell background job. For more information, see about_Jobs and Start-Job.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue><dev:type><maml:name>Int64</maml:name><maml:uri /></dev:type><dev:defaultValue>1</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>SampleInterval</maml:name><maml:description><maml:para>Specifies the time between samples in seconds. The minimum value and the default value are 1 second.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue>1</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String[]</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe counter paths and counter set (ListSet) names to Get-Counter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.PowerShell.Commands.GetCounter.CounterSet, Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet, Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSample</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The ListSet parameter gets Microsoft.PowerShell.Commands.GetCounter.CounterSet objects. The Counter parameter gets Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet objects. Each counter value is a Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSample object.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>Performance counters are often protected by access control lists (ACLs). To get all available performance counters, open Windows PowerShell with the "Run as administrator" option.</maml:para><maml:para>By default, Get-Counter gets one sample during a one-second sample interval. To change this behavior, use the MaxSamples and Continuous parameters.</maml:para><maml:para>The MaxSamples and SampleInterval values that you set apply to all the counters on all the computers in the command. To set different values for different counters, enter separate Get-Counter commands for each counter.</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Counter -ListSet * </dev:code><dev:remarks><maml:para>This command gets all of the counter sets on the local computer. </maml:para><maml:para>Because many of the counter sets are protected by access control lists (ACLs), to see all counter sets, open Windows PowerShell with the "Run as administrator" option before using the Get-Counter command.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Counter -Counter "\Processor(_Total)\% Processor Time" -SampleInterval 2 -MaxSamples 3 </dev:code><dev:remarks><maml:para>This command gets the current "% Processor Time" combined values for all processors on the local computer. It collects data every two seconds until it has three values.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Counter -ListSet * | Sort-Object CounterSetName | Format-Table CounterSetName </dev:code><dev:remarks><maml:para>This command gets an alphabetically sorted list of the names of all of the counter sets on the local computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command gets the path names of the performance counters in the Memory counter set on the local computer. PS C:\>(Get-Counter -ListSet Memory).Paths \Memory\Page Faults/sec \Memory\Available Bytes \Memory\Committed Bytes \Memory\Commit Limit \Memory\Write Copies/sec \Memory\Transition Faults/sec \Memory\Cache Faults/sec \Memory\Demand Zero Faults/sec \Memory\Pages/sec \Memory\Pages Input/sec ... The second command gets the path names that include "cache". PS C:\>(Get-Counter -ListSet Memory).Paths | Where {$_ -like "*Cache*"} \Memory\Cache Faults/sec \Memory\Cache Bytes \Memory\Cache Bytes Peak \Memory\System Cache Resident Bytes \Memory\Standby Cache Reserve Bytes \Memory\Standby Cache Normal Priority Bytes \Memory\Standby Cache Core Bytes </dev:code><dev:remarks><maml:para>These commands use the Path property of a counter set to find the correctly formatted path names for the performance counters. You can use a command like this one to get the correct counter path names.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command saves the Disk Reads/sec counter path in the $DiskReads variable. PS C:\>$DiskReads = "\LogicalDisk(C:)\Disk Reads/sec" The second command uses a pipeline operator (|) to send the counter path in the $DiskReads variable to the Get-Counter cmdlet. The command uses the MaxSamples parameter to limit the output to 10 samples. PS C:\>$DiskReads | Get-Counter -Computer Server01, Server02 -MaxSamples 10 </dev:code><dev:remarks><maml:para>These commands get the Disk Reads/sec counter data from the Server01 and Server02 computers.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>(Get-Counter -List PhysicalDisk).PathsWithInstances </dev:code><dev:remarks><maml:para>This command gets the correctly formatted path names for the PhysicalDisk performance counters, including the instance names.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Get-Content cmdlet to get the list of enterprise servers from the Servers.txt file. It uses the Get-Random cmdlet to select 50 server names randomly from the Servers.txt file contents. The results are saved in the $Servers variable. PS C:\>$Servers = Get-Random (Get-Content Servers.txt) -Count 50 The second command saves the path to the "% DPC Time" counter in the $Counter variable. The counter path includes a wildcard character in the instance name to get the data on all of the processors on each of the computers. PS C:\>$Counter = "\Processor(*)\% DPC Time" The third command uses the Get-Counter cmdlet to get the counter values. It uses the Counter parameter to specify the counters and the ComputerName parameter to specify the computers saved in the $servers variable. PS C:\>Get-Counter -Counter $Counter -ComputerName $Servers </dev:code><dev:remarks><maml:para>These commands get the value of the "% DPC Time" performance counter on 50 randomly select computers in the enterprise.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Get-Counter cmdlet to get the counter paths. It saves them in the $MemCounters variable. PS C:\>$MemCounters = (Get-Counter -List Memory).Paths The second command uses the Get-Counter cmdlet to get the counter data for each counter. It uses the Counter parameter to specify the counters in the $MemCounters variable. PS C:\>Get-Counter -Counter $MemCounters </dev:code><dev:remarks><maml:para>These commands get a single value for all of the performance counters in the Memory counter set on the local computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 9 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command saves a counter path in the $Counter variable. PS C:\>$Counter = "\\SERVER01\Process(Idle)\% Processor Time" The second command uses the Get-Counter cmdlet to get one sample of the counter values. It saves the results in the $Data variable. PS C:\>$Data = Get-Counter $Counter The third command uses the Format-List cmdlet to display all the properties of the CounterSamples property of the sample set object as a list. PS C:\>$Data.CounterSamples | Format-List –Property * Path : \\SERVER01\process(idle)\% processor time InstanceName : idle CookedValue : 198.467899571389 RawValue : 14329160321003 SecondValue : 128606459528326201 MultipleCount : 1 CounterType : Timer100Ns Timestamp : 7/15/2008 6:39:12 PM Timestamp100NSec : 128606207528320000 Status : 0 DefaultScale : 0 TimeBase : 10000000 </dev:code><dev:remarks><maml:para>This example shows the property values in the PerformanceCounterSample object that represents each data sample. You can use the properties of the CounterSamples object to examine, select, sort, and group the data.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 10 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Start-Job -ScriptBlock {Get-Counter -Counter "\LogicalDisk(_Total)\% Free Space" -MaxSamples 1000} </dev:code><dev:remarks><maml:para>The command runs a Get-Counter command as background job. For more information, see Start-Job.</maml:para><maml:para>PS C:\></maml:para><maml:para>PS C:\></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para><maml:para></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 11 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Counter -ComputerName (Get-Random Servers.txt -Count 50) -Counter "\LogicalDisk(*)\% Free Space" </dev:code><dev:remarks><maml:para>This command uses the Get-Counter and Get-Random cmdlets to find the percentage of free disk space on 50 computers selected randomly from the Servers.txt file.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 12 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Get-Counter cmdlet to get the "LogicalDisk\% Free Space" counter value from two remote computers, S1 and S2. It saves the result in the $DiskSpace variable. PS C:\>$DiskSpace = Get-Counter "\LogicalDisk(_Total)\% Free Space" -ComputerName s1, s2 The second command displays the results that were saved in the $DiskSpace variable. All of the data is stored in the object, but it is not easy to see it in this form. PS C:\>$DiskSpace Timestamp CounterSamples --------- -------------- 7/29/2009 3:04:33 PM \\s1\\logicaldisk(_total)\% free space : 45.6992854507028 \\s2\\logicaldisk(_total)\% free space : 3.73238142733405 The third command displays in a table the value of the CounterSamples property of the PerformanceCounterSampleSet object that Get-Counter returns. (To see all of the properties and methods of the object, pipe it to the Get-Member cmdlet.) PS C:\>$DiskSpace.CounterSamples | Format-Table -AutoSize Path InstanceName CookedValue ---- ------------ ----------- \\s1\\logicaldisk(_total)\% free space _total 45.6992854507028 \\s2\\logicaldisk(_total)\% free space _total 3.73238142733405 The CounterSamples property contains a PerformanceCounterSample object with its own properties and methods. The fourth command uses array notation to get the first counter sample and a pipeline operator to send the counter sample object to the Format-List cmdlet, which displays all of its properties and property value in a list. This display shows the richness of the data in each counter sample object. PS C:\>$DiskSpace.countersamples[0] | Format-Table -Property * Path : \\localhost\\logicaldisk(_total)\% free space InstanceName : _total CookedValue : 45.6992854507028 RawValue : 108980 SecondValue : 238472 MultipleCount : 1 CounterType : RawFraction Timestamp : 7/29/2009 3:04:33 PM Timestamp100NSec : 128933534734680000 Status : 0 DefaultScale : 0 TimeBase : 14318180 The fifth command shows how to select data from the counter samples. It uses the Where-Object cmdlet to get only the counter samples with a CookedValue of less than 15. PS C:\>$DiskSpace.CounterSamples | Where-Object {$_.CookedValue -lt 15} Path InstanceName CookedValue ---- ------------ ----------- \\s2\\logicaldisk(_total)\% free... _total 3.73238142733405 </dev:code><dev:remarks><maml:para>This example shows how to associate counter data with the computer on which it originated, and how to manipulate the data.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 13 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Get-Counter cmdlet to get the "Process\% Processor Time" counter for all the processes on the computer. The command saves the results in the $p variable. PS C:\>$p = Get-counter '\Process(*)\% Processor Time' The second command gets the CounterSamples property of the sample set object in $p. It uses the Sort-Object cmdlet to sort the samples in descending order based on the cooked value of the sample. Then, the command uses Format-Table cmdlet to display the data in a table and its AutoSize parameter to optimize the display. PS C:\>$p.CounterSamples | Sort-Object -Property CookedValue -Descending | Format-Table -Auto Path InstanceName CookedValue ---- ------------ ----------- \\server01\process(_total)\% processor time _total 200.00641042078 \\server01\process(idle)\% processor time idle 200.00641042078 \\server01\process(explorer#1)\% processor time explorer 0 \\server01\process(dwm#1)\% processor time dwm 0 \\server01\process(taskeng#1)\% processor time taskeng 0 \\server01\process(taskhost#1)\% processor time taskhost 0 \\server01\process(winlogon)\% processor time winlogon 0 \\server01\process(csrss)\% processor time csrss 0 </dev:code><dev:remarks><maml:para>This example shows how to sort the performance counter data that you retrieve. The example finds the processes on the computer that are using the most processor time during the sampling.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 14 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command gets one sample of the "Process\Working Set - Private" counter for each process. The command saves the counter data in the $ws variable. PS C:\>$ws = Get-Counter "\Process(*)\Working Set - Private" The second command uses a pipeline operator (|) to send the data in the CounterSamples property of the $ws variable to the Sort-Object cmdlet, where the process data is sorted in descending order by the value of the CookedValue property. Another pipeline sends the sorted data to the Format-Table cmdlet, where the data is formatted as a table with InstanceName and CookedValue columns. PS C:\>$ws.CounterSamples | Sort-Object -Property CookedValue -Descending | Format-Table -Property InstanceName, CookedValue -AutoSize InstanceName CookedValue ------------ ----------- _total 162983936 svchost 40370176 powershell 15110144 explorer 14135296 svchost 10928128 svchost 9027584 ... </dev:code><dev:remarks><maml:para>These commands find the processes on the computer with the largest working sets. They list the processes in descending order based on their working set size.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 15 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-Counter -Counter "\Processor(_Total)\% Processor Time" -Continuous </dev:code><dev:remarks><maml:para>This command gets a series of samples of the Processor\% Processor Time counter at the default one second interval. To stop the command, press CTRL + C. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289625</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Export-Counter</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Import-Counter</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-WinEvent</command:name><maml:description><maml:para>Gets events from event logs and event tracing log files on local and remote computers.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>WinEvent</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-WinEvent cmdlet gets events from event logs, including classic logs, such as the System and Application logs, and the event logs that are generated by the Windows Event Log technology introduced in Windows Vista. It also gets events in log files generated by Event Tracing for Windows (ETW).</maml:para><maml:para>Without parameters, a Get-WinEvent command gets all the events from all the event logs on the computer. To interrupt the command, press CTRL + C.</maml:para><maml:para>Get-WinEvent also lists event logs and event log providers. You can get events from selected logs or from logs generated by selected event providers. And, you can combine events from multiple sources in a single command. Get-WinEvent allows you to filter events by using XPath queries, structured XML queries, and simplified hash-table queries.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-WinEvent</maml:name><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>LogName</maml:name><maml:description><maml:para>Gets events from the specified event logs. Enter the event log names in a comma-separated list. Wildcards are permitted. You can also pipe log names to Get-WinEvent.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.</maml:para><maml:para>This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.</maml:para><maml:para>To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.</maml:para><maml:para>This cmdlet does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default value is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>FilterXPath</maml:name><maml:description><maml:para>Uses an XPath query to select events from one or more logs.</maml:para><maml:para>For more information about the XPath language, see "XPath Reference" in the MSDN library at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=242509</maml:linkText><maml:uri></maml:uri></maml:navigationLink> and "Selection Filters" in "Event Selection" in the MSDN library at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=242510</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Gets debug and analytic logs, in addition to other event logs. The Force parameter is required to get a debug or analytic log when the value of the name parameter includes wildcard characters.</maml:para><maml:para>By default, Get-WinEvent excludes these logs unless you specify the full name of a debug or analytic log.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxEvents</maml:name><maml:description><maml:para>Specifies the maximum number of events that Get-WinEvent returns. Enter an integer. The default is to return all the events in the logs or files.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Oldest</maml:name><maml:description><maml:para>Returns the events in oldest-first order. By default, events are returned in newest-first order.</maml:para><maml:para>This parameter is required to get events from .etl and .evt files and from debug and analytic logs. In these files, events are recorded in oldest-first order, and the events can be returned only in oldest-first order.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-WinEvent</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>ListProvider</maml:name><maml:description><maml:para>Gets the specified event log providers. An event log provider is a program or service that writes events to the event log.</maml:para><maml:para>Enter the provider names in a comma-separated list. Wildcards are permitted. To get the providers of all the event logs on the computer, enter a value of *.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.</maml:para><maml:para>This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.</maml:para><maml:para>To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.</maml:para><maml:para>This cmdlet does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default value is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-WinEvent</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>ProviderName</maml:name><maml:description><maml:para>Gets events written by the specified event log providers. Enter the provider names in a comma-separated list, or use wildcard characters to create provider name patterns.</maml:para><maml:para>An event log provider is a program or service that writes events to the event log. It is not a Windows PowerShell provider.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.</maml:para><maml:para>This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.</maml:para><maml:para>To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.</maml:para><maml:para>This cmdlet does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default value is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>FilterXPath</maml:name><maml:description><maml:para>Uses an XPath query to select events from one or more logs.</maml:para><maml:para>For more information about the XPath language, see "XPath Reference" in the MSDN library at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=242509</maml:linkText><maml:uri></maml:uri></maml:navigationLink> and "Selection Filters" in "Event Selection" in the MSDN library at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=242510</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Gets debug and analytic logs, in addition to other event logs. The Force parameter is required to get a debug or analytic log when the value of the name parameter includes wildcard characters.</maml:para><maml:para>By default, Get-WinEvent excludes these logs unless you specify the full name of a debug or analytic log.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxEvents</maml:name><maml:description><maml:para>Specifies the maximum number of events that Get-WinEvent returns. Enter an integer. The default is to return all the events in the logs or files.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Oldest</maml:name><maml:description><maml:para>Returns the events in oldest-first order. By default, events are returned in newest-first order.</maml:para><maml:para>This parameter is required to get events from .etl and .evt files and from debug and analytic logs. In these files, events are recorded in oldest-first order, and the events can be returned only in oldest-first order.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-WinEvent</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>ListLog</maml:name><maml:description><maml:para>Gets the specified event logs. Enter the event log names in a comma-separated list. Wildcards are permitted. To get all the logs, enter a value of *.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.</maml:para><maml:para>This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.</maml:para><maml:para>To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.</maml:para><maml:para>This cmdlet does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default value is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Gets debug and analytic logs, in addition to other event logs. The Force parameter is required to get a debug or analytic log when the value of the name parameter includes wildcard characters.</maml:para><maml:para>By default, Get-WinEvent excludes these logs unless you specify the full name of a debug or analytic log.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-WinEvent</maml:name><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilterHashtable</maml:name><maml:description><maml:para>Uses a query in hash table format to select events from one or more event logs. The query contains a hash table with one or more key-value pairs.</maml:para><maml:para>Hash table queries have the following rules:</maml:para><maml:para>-- Keys and values are case-insensitive.</maml:para><maml:para>-- Wildcard characters are valid only in the values associated with the LogName and ProviderName keys.</maml:para><maml:para>-- Each key can be listed only once in each hash-table.</maml:para><maml:para>-- The Path value takes paths to .etl, .evt, and .evtx log files.</maml:para><maml:para>-- The LogName, Path, and ProviderName keys can be used in the same query.</maml:para><maml:para>-- The UserID key can take a valid security identifier (SID) or a domain account name that can be used to construct a valid System.Security.Principal.NTAccount object.</maml:para><maml:para>-- The Data value takes event data in an unnamed field. This is for events in classic event logs.</maml:para><maml:para>-- The * key represents a named event data field.</maml:para><maml:para>When Get-WinEvent cannot interpret a key-value pair, it interprets the key as a case-sensitive name for the event data in the event.</maml:para><maml:para>The valid key-value pairs are as follows:</maml:para><maml:para>-- LogName=<String[]></maml:para><maml:para>-- ProviderName=<String[]></maml:para><maml:para>-- Path=<String[]></maml:para><maml:para>-- Keywords=<Long[]></maml:para><maml:para>-- ID=<Int32[]></maml:para><maml:para>-- Level=<Int32[]></maml:para><maml:para>-- StartTime=<DateTime></maml:para><maml:para>-- EndTime=<DataTime></maml:para><maml:para>-- UserID=<SID></maml:para><maml:para>-- Data=<String[]></maml:para><maml:para>-- *=<String[]></maml:para></maml:description><command:parameterValue required="true" variableLength="true">Hashtable[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.</maml:para><maml:para>This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.</maml:para><maml:para>To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.</maml:para><maml:para>This cmdlet does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default value is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Gets debug and analytic logs, in addition to other event logs. The Force parameter is required to get a debug or analytic log when the value of the name parameter includes wildcard characters.</maml:para><maml:para>By default, Get-WinEvent excludes these logs unless you specify the full name of a debug or analytic log.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxEvents</maml:name><maml:description><maml:para>Specifies the maximum number of events that Get-WinEvent returns. Enter an integer. The default is to return all the events in the logs or files.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Oldest</maml:name><maml:description><maml:para>Returns the events in oldest-first order. By default, events are returned in newest-first order.</maml:para><maml:para>This parameter is required to get events from .etl and .evt files and from debug and analytic logs. In these files, events are recorded in oldest-first order, and the events can be returned only in oldest-first order.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-WinEvent</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilterXml</maml:name><maml:description><maml:para>Uses a structured XML query to select events from one or more event logs.</maml:para><maml:para>To generate a valid XML query, use the Create Custom View and Filter Current Log features in Event Viewer. Use the items in the dialog box to create a query, and then click the XML tab to view the query in XML format. You can copy the XML from the XML tab into the value of the FilterXml parameter. For more information about the Event Viewer features, see Event Viewer Help.</maml:para><maml:para>Typically, you use an XML query to create a complex query that contains several XPath statements. The XML format also allows you to use a "Suppress" XML element that excludes events from the query. For more information about the XML schema for event log queries, see the following topics in the MSDN (Microsoft Developer Network) library.</maml:para><maml:para>-- "Query Schema": http://go.microsoft.com/fwlink/?LinkId=143685</maml:para><maml:para>-- "XML Event Queries" in "Event Selection": http://go.microsoft.com/fwlink/?LinkID=143608</maml:para></maml:description><command:parameterValue required="true" variableLength="false">XmlDocument</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.</maml:para><maml:para>This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.</maml:para><maml:para>To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.</maml:para><maml:para>This cmdlet does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default value is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxEvents</maml:name><maml:description><maml:para>Specifies the maximum number of events that Get-WinEvent returns. Enter an integer. The default is to return all the events in the logs or files.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Oldest</maml:name><maml:description><maml:para>Returns the events in oldest-first order. By default, events are returned in newest-first order.</maml:para><maml:para>This parameter is required to get events from .etl and .evt files and from debug and analytic logs. In these files, events are recorded in oldest-first order, and the events can be returned only in oldest-first order.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Get-WinEvent</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Gets events from the specified event log files. Enter the paths to the log files in a comma-separated list, or use wildcard characters to create file path patterns.</maml:para><maml:para>Get-WinEvent supports files with the .evt, .evtx, and .etl file name extensions. You can include events from different files and file types in the same command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default value is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>FilterXPath</maml:name><maml:description><maml:para>Uses an XPath query to select events from one or more logs.</maml:para><maml:para>For more information about the XPath language, see "XPath Reference" in the MSDN library at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=242509</maml:linkText><maml:uri></maml:uri></maml:navigationLink> and "Selection Filters" in "Event Selection" in the MSDN library at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=242510</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxEvents</maml:name><maml:description><maml:para>Specifies the maximum number of events that Get-WinEvent returns. Enter an integer. The default is to return all the events in the logs or files.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Oldest</maml:name><maml:description><maml:para>Returns the events in oldest-first order. By default, events are returned in newest-first order.</maml:para><maml:para>This parameter is required to get events from .etl and .evt files and from debug and analytic logs. In these files, events are recorded in oldest-first order, and the events can be returned only in oldest-first order.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ComputerName</maml:name><maml:description><maml:para>Gets events from the event logs on the specified computer. Type the NetBIOS name, an Internet Protocol (IP) address, or the fully qualified domain name of the computer. The default value is the local computer.</maml:para><maml:para>This parameter accepts only one computer name at a time. To find event logs or events on multiple computers, use a ForEach statement. For more information about this parameter, see the examples.</maml:para><maml:para>To get events and event logs from remote computers, the firewall port for the event log service must be configured to allow remote access.</maml:para><maml:para>This cmdlet does not rely on Windows PowerShell remoting. You can use the ComputerName parameter even if your computer is not configured to run remote commands.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>Local computer</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Credential</maml:name><maml:description><maml:para>Specifies a user account that has permission to perform this action. The default value is the current user.</maml:para><maml:para>Type a user name, such as User01 or Domain01\User01. Or, enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, you will be prompted for a password. If you type only the parameter name, you will be prompted for both a user name and a password.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">PSCredential</command:parameterValue><dev:type><maml:name>PSCredential</maml:name><maml:uri /></dev:type><dev:defaultValue>Current user</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilterHashtable</maml:name><maml:description><maml:para>Uses a query in hash table format to select events from one or more event logs. The query contains a hash table with one or more key-value pairs.</maml:para><maml:para>Hash table queries have the following rules:</maml:para><maml:para>-- Keys and values are case-insensitive.</maml:para><maml:para>-- Wildcard characters are valid only in the values associated with the LogName and ProviderName keys.</maml:para><maml:para>-- Each key can be listed only once in each hash-table.</maml:para><maml:para>-- The Path value takes paths to .etl, .evt, and .evtx log files.</maml:para><maml:para>-- The LogName, Path, and ProviderName keys can be used in the same query.</maml:para><maml:para>-- The UserID key can take a valid security identifier (SID) or a domain account name that can be used to construct a valid System.Security.Principal.NTAccount object.</maml:para><maml:para>-- The Data value takes event data in an unnamed field. This is for events in classic event logs.</maml:para><maml:para>-- The * key represents a named event data field.</maml:para><maml:para>When Get-WinEvent cannot interpret a key-value pair, it interprets the key as a case-sensitive name for the event data in the event.</maml:para><maml:para>The valid key-value pairs are as follows:</maml:para><maml:para>-- LogName=<String[]></maml:para><maml:para>-- ProviderName=<String[]></maml:para><maml:para>-- Path=<String[]></maml:para><maml:para>-- Keywords=<Long[]></maml:para><maml:para>-- ID=<Int32[]></maml:para><maml:para>-- Level=<Int32[]></maml:para><maml:para>-- StartTime=<DateTime></maml:para><maml:para>-- EndTime=<DataTime></maml:para><maml:para>-- UserID=<SID></maml:para><maml:para>-- Data=<String[]></maml:para><maml:para>-- *=<String[]></maml:para></maml:description><command:parameterValue required="true" variableLength="true">Hashtable[]</command:parameterValue><dev:type><maml:name>Hashtable[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>FilterXPath</maml:name><maml:description><maml:para>Uses an XPath query to select events from one or more logs.</maml:para><maml:para>For more information about the XPath language, see "XPath Reference" in the MSDN library at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=242509</maml:linkText><maml:uri></maml:uri></maml:navigationLink> and "Selection Filters" in "Event Selection" in the MSDN library at <maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=242510</maml:linkText><maml:uri></maml:uri></maml:navigationLink>.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>FilterXml</maml:name><maml:description><maml:para>Uses a structured XML query to select events from one or more event logs.</maml:para><maml:para>To generate a valid XML query, use the Create Custom View and Filter Current Log features in Event Viewer. Use the items in the dialog box to create a query, and then click the XML tab to view the query in XML format. You can copy the XML from the XML tab into the value of the FilterXml parameter. For more information about the Event Viewer features, see Event Viewer Help.</maml:para><maml:para>Typically, you use an XML query to create a complex query that contains several XPath statements. The XML format also allows you to use a "Suppress" XML element that excludes events from the query. For more information about the XML schema for event log queries, see the following topics in the MSDN (Microsoft Developer Network) library.</maml:para><maml:para>-- "Query Schema": http://go.microsoft.com/fwlink/?LinkId=143685</maml:para><maml:para>-- "XML Event Queries" in "Event Selection": http://go.microsoft.com/fwlink/?LinkID=143608</maml:para></maml:description><command:parameterValue required="true" variableLength="false">XmlDocument</command:parameterValue><dev:type><maml:name>XmlDocument</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Force</maml:name><maml:description><maml:para>Gets debug and analytic logs, in addition to other event logs. The Force parameter is required to get a debug or analytic log when the value of the name parameter includes wildcard characters.</maml:para><maml:para>By default, Get-WinEvent excludes these logs unless you specify the full name of a debug or analytic log.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>Debugging and analytic logs are not returned in response to queries that use wildcard characters.</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>ListLog</maml:name><maml:description><maml:para>Gets the specified event logs. Enter the event log names in a comma-separated list. Wildcards are permitted. To get all the logs, enter a value of *.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>ListProvider</maml:name><maml:description><maml:para>Gets the specified event log providers. An event log provider is a program or service that writes events to the event log.</maml:para><maml:para>Enter the provider names in a comma-separated list. Wildcards are permitted. To get the providers of all the event logs on the computer, enter a value of *.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>LogName</maml:name><maml:description><maml:para>Gets events from the specified event logs. Enter the event log names in a comma-separated list. Wildcards are permitted. You can also pipe log names to Get-WinEvent.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxEvents</maml:name><maml:description><maml:para>Specifies the maximum number of events that Get-WinEvent returns. Enter an integer. The default is to return all the events in the logs or files.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue><dev:type><maml:name>Int64</maml:name><maml:uri /></dev:type><dev:defaultValue>All events</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Oldest</maml:name><maml:description><maml:para>Returns the events in oldest-first order. By default, events are returned in newest-first order.</maml:para><maml:para>This parameter is required to get events from .etl and .evt files and from debug and analytic logs. In these files, events are recorded in oldest-first order, and the events can be returned only in oldest-first order.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Gets events from the specified event log files. Enter the paths to the log files in a comma-separated list, or use wildcard characters to create file path patterns.</maml:para><maml:para>Get-WinEvent supports files with the .evt, .evtx, and .etl file name extensions. You can include events from different files and file types in the same command.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByPropertyName)" position="1" aliases=""><maml:name>ProviderName</maml:name><maml:description><maml:para>Gets events written by the specified event log providers. Enter the provider names in a comma-separated list, or use wildcard characters to create provider name patterns.</maml:para><maml:para>An event log provider is a program or service that writes events to the event log. It is not a Windows PowerShell provider.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>None</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String, System.Xml.XmlDocument, System.Collections.Hashtable. </maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe a LogName (string), a FilterXML query, or a FilterHashTable query to Get-WinEvent.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Diagnostics.Eventing.Reader.EventLogConfiguration, System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader.ProviderMetadata</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>With the ListLog parameter, Get-WinEvent returns System.Diagnostics.Eventing.Reader.EventLogConfiguration objects. With the ListProvider parameter, Get-WinEvent returns System.Diagnostics.Eventing.Reader.ProviderMetadata objects. With all other parameters, Get-WinEvent returns System.Diagnostics.Eventing.Reader.EventLogRecord objects.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>Get-WinEvent runs on Windows Vista, Windows Server 2008 R2, and later versions of Windows.</maml:para></maml:alert><maml:alert><maml:para>Get-WinEvent is designed to replace the Get-EventLog cmdlet on computers running Windows Vista and later versions of Windows. Get-EventLog gets events only in classic event logs. Get-EventLog is retained in Windows PowerShell for backward compatibility.</maml:para></maml:alert><maml:alert><maml:para>The Get-WinEvent and Get-EventLog cmdlets are not supported in Windows Preinstallation Environment (Windows PE).</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WinEvent -ListLog * </dev:code><dev:remarks><maml:para>This command gets all the logs on the local computer.</maml:para><maml:para>Logs are listed in the order that Get-WinEvent gets them. Classic logs are usually retrieved first, followed by the new Windows Eventing logs.</maml:para><maml:para>Because there are typically more than a hundred event logs, this parameter requires a log name or name pattern. To get all the logs, use *.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WinEvent -ListLog Setup | Format-List -Property * FileSize : 69632 IsLogFull : False LastAccessTime : 2/14/2008 12:55:12 AM LastWriteTime : 7/9/2008 3:12:05 AM OldestRecordNumber : 1 RecordCount : 3 LogName : Setup LogType : Operational LogIsolation : Application IsEnabled : True IsClassicLog : False SecurityDescriptor : O:BAG:SYD:(A;;0xf0007;;;SY)(A; (A;;0x1;;;S-1-5-32-573) LogFilePath : %SystemRoot%\System32\Winevt\L MaximumSizeInBytes : 1052672 LogMode : Circular OwningProviderName : Microsoft-Windows-Eventlog ProviderNames : {Microsoft-Windows-WUSA, Micro ProviderLevel : ProviderKeywords : ProviderBufferSize : 64 ProviderMinimumNumberOfBuffers : 0 ProviderMaximumNumberOfBuffers : 64 ProviderLatency : 1000 ProviderControlGuid : </dev:code><dev:remarks><maml:para>These commands get an object that represents the classic System log on the local computer. The object includes useful information about the log, including its size, event log provider, file path, and whether it is enabled.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WinEvent -ListLog * -ComputerName Server01 |Where-Object {$_.RecordCount} </dev:code><dev:remarks><maml:para>This command gets only event logs on the Server01 computer that contain events. Many logs might be empty.</maml:para><maml:para>The command uses the RecordCount property of the EventLogConfiguration object that Get-WinEvent returns when you use the ListLog parameter.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$s = "Server01", "Server02", "Server03" PS C:\>Foreach ($Server in $S) {$Server; Get-WinEvent -ListLog "Windows PowerShell" -Computername $Server} </dev:code><dev:remarks><maml:para>The commands in this example get objects that represent the Windows PowerShell event logs on the Server01, Server02, and Server03 computers. This command uses the Foreach keyword because the ComputerName parameter takes only one value.</maml:para><maml:para>The first command saves the names of the computers in the $s variable.</maml:para><maml:para>The second command uses a Foreach statement. For each of the computers in the $s variable, it performs the command in the script block (within the braces). First, the command prints the name of the computer. Then, it runs a Get-WinEvent command to get an object that represents the Windows PowerShell log.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WinEvent -ListProvider * </dev:code><dev:remarks><maml:para>This command gets the event log providers on the local computer and the logs to which they write, if any.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>(Get-WinEvent -ListLog Application).ProviderNames </dev:code><dev:remarks><maml:para>This command gets all of the providers that write to the Application log on the local computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WinEvent -ListProvider *policy* </dev:code><dev:remarks><maml:para>This command gets the event log providers whose names include the word "policy."</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>(Get-WinEvent -ListProvider Microsoft-Windows-GroupPolicy).Events | Format-Table ID, Description -AutoSize </dev:code><dev:remarks><maml:para>This command lists the event IDs that the Microsoft-Windows-GroupPolicy event provider generates along with the event description.</maml:para><maml:para>It uses the Events property of the object that Get-WinEvent returns when you use the ListProvider parameter, and it uses the ID and Description properties of the object in the Events property.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 9 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Get-WinEvent cmdlet to get all of the events in the Windows PowerShell event log. Then, it saves them in the $Events variable. The log name is enclosed in quotation marks because it contains a space. PS C:\>$Events = Get-WinEvent -LogName "Windows PowerShell" The second command uses the Count property of object collections to find the number of entries in the event log. PS C:\>$Events.Count 195 The third command displays the incidence of each event in the log, with the most frequent events first. In this example, event ID 600 is the most frequent event. PS C:\>$Events | Group-Object -Property Id -NoElement | Sort-Object -Property Count -Descending Count Name ----- ---- 147 600 22 400 21 601 3 403 2 103 The fourth command groups the items by the value of their LevelDisplayName property to show how many Error, Warning, and Information events are in the log. PS C:\>$Events | Group-Object -Property LevelDisplayName -NoElement Count Name ----- ---- 2 Warning 193 Information </dev:code><dev:remarks><maml:para>This example shows how to use the properties of the event objects that Get-WinEvent returns to learn about the events in an event log.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 10 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WinEvent -LogName *disk*, Microsoft-Windows-Kernel-WHEA </dev:code><dev:remarks><maml:para>This command gets the error events whose names include "disk" from all of the event logs on the computer and from the Microsoft-Windows-Kernel-WHEA event log.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 11 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WinEvent -Path 'c:\ps-test\Windows PowerShell.evtx' </dev:code><dev:remarks><maml:para>This command gets events from a copy of the Windows PowerShell event log file in a test directory. The path is enclosed in quotation marks because the log name includes a space.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 12 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command gets the 100 oldest events in the log. It uses the Get-WinEvent cmdlet to get events from the Tracelog.etl file. It uses the MaxEvents parameter to limit the retrieval to 100 events. Because the events are listed in the order in which they are written to the log (oldest first), the Oldest parameter is required. PS C:\>Get-WinEvent -Path 'C:\Tracing\TraceLog.etl' -MaxEvents 100 -Oldest The second command gets the 100 newest events in the log. It uses the Get-WinEvent cmdlet to get all the events from the Tracing.etl file. It pipes the events to the Sort-Object cmdlet, which sorts them in descending order by the value of the TimeCreated property. Then, it pipes the sorted events to the Select-Object cmdlet to select the newest 100 events. PS C:\>Get-WinEvent -Path 'C:\Tracing\TraceLog.etl' -Oldest | Sort-Object -Property TimeCreated -Descending | Select-Object -First 100 </dev:code><dev:remarks><maml:para>These commands get the first 100 events from an Event Tracing for Windows (ETW) event trace log file.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 13 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-WinEvent -Path "C:\Tracing\TraceLog.etl", "c:\Logs\Windows PowerShell.evtx" -Oldest | Where-Object {$_.ID -eq "103"} </dev:code><dev:remarks><maml:para>This example shows how to get the events from an event trace log file (.etl) and from a copy of the Windows PowerShell log file (.evtx) that was saved to a test directory.</maml:para><maml:para>You can combine multiple file types in a single command. Because the files contain the same type of .NET Framework object (an EventLogRecord object), you can use the same properties to filter them.</maml:para><maml:para>The command requires the Oldest parameter because it is reading from an .etl file, but the Oldest parameter applies to both of the files.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 14 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\># Use the Where-Object cmdlet PS C:\>$yesterday = (Get-Date) - (New-TimeSpan -Day 1) PS C:\>Get-WinEvent -LogName "Windows PowerShell" | Where-Object {$_.TimeCreated -ge $yesterday} # Uses FilterHashTable PS C:\>$yesterday = (Get-Date) - (New-TimeSpan -Day 1) PS C:\>Get-WinEvent -FilterHashTable @{LogName='Windows PowerShell'; Level=3; StartTime=$yesterday} # Use FilterXML PS C:\>Get-WinEvent -FilterXML "<QueryList><Query><Select Path='Windows PowerShell'>*[System[Level=3 and TimeCreated[timediff(@SystemTime)&lt;= 86400000]]]</Select></Query></QueryList>" # Use FilterXPath PS C:\>Get-WinEvent -LogName "Windows Powershell" -FilterXPath "*[System[Level=3 and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]" </dev:code><dev:remarks><maml:para>This example shows different filtering methods for selecting events from an event log. All of these commands get events that occurred in the last 24 hours from the Windows PowerShell event log.</maml:para><maml:para>The filter methods are more efficient than using the Where-Object cmdlet because the filters are applied while the objects are being retrieved, rather than retrieving all the objects and then filtering them.</maml:para><maml:para>Because dates are difficult to formulate in the XML and XPath formats, to create the XML content for the date, the Filter Current Log feature of Event Viewer is used. For more information about this feature, see Event Viewer Help.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 15 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$date = (Get-Date).AddDays(-2) PS C:\>$events = Get-WinEvent -FilterHashTable @{ LogName = "Microsoft-Windows-Diagnostics-Performance/Operational"; StartTime = $date; ID = 100 } </dev:code><dev:remarks><maml:para>This example uses a filter hash table to get events from the performance log.</maml:para><maml:para>The first command uses the Get-Date cmdlet and the AddDays method to get a date that is two days before the current date. It saves the date in the $date variable.</maml:para><maml:para>The second command uses the Get-WinEvent cmdlet with the FilterHashTable parameter. The keys in the hash table define a filter that selects events from the performance log that occurred within the last two days and that have event ID 100.</maml:para><maml:para>The LogName key specifies the event log, the StartTime key specifies the date, and the ID key specifies the event ID.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 16 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$StartTime = (Get-Date).AddDays(-7) PS C:\>$IE_Error = Get-WinEvent -FilterHashtable @{Logname="Application"; ProviderName="Application Error"; Data="iexplore.exe"; StartTime=$StartTime} </dev:code><dev:remarks><maml:para>This example uses a filter hash table to find Internet Explorer application errors that occurred within the last week.</maml:para><maml:para>The first command gets the date that is seven days before the current date and stores it in the $StartTime variable.</maml:para><maml:para>The second command uses the Get-WinEvent cmdlet with the FilterHashTable parameter. The keys in the hash table define a filter that selects events from the Application log that were written by the Application Error provider and include the phrase "iexplore.exe".</maml:para><maml:para>The LogName key specifies the event log. The ProviderName key specifies the event provider, the StartTime key specifies the starting date of the events, and the Data key specifies the text in the event message.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289626</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-Counter</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-EventLog</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>about_EventLogs</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Import-Counter</command:name><maml:description><maml:para>Imports performance counter log files (.blg, .csv, .tsv) and creates the objects that represent each counter sample in the log. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Import</command:verb><command:noun>Counter</command:noun><dev:version /></command:details><maml:description><maml:para>The Import-Counter cmdlet imports performance counter data from performance counter log files and creates objects for each counter sample in the file. The PerformanceCounterSampleSet objects that it creates are identical to the objects that Get-Counter returns when it collects performance counter data.</maml:para><maml:para>You can import data from comma-separated value (.csv), tab-separated value ( .tsv), and binary performance log (.blg) performance log files. If you are using .blg files, you can import multiple files (up to 32 different files) in each command. And, you can use the parameters of Import-Counter to filter the data that you import.</maml:para><maml:para>Along with Get-Counter and Export-Counter, this feature lets you collect, export, import, combine, filter, manipulate, and re-export performance counter data within Windows PowerShell.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Import-Counter</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the file paths of the files to be imported. This parameter is required.</maml:para><maml:para>Enter the path and file name of a, .csv,, .tsv, or .blg file that you exported by using the Export-Counter cmdlet. You can specify only one .csv or .tsv file, but you can specify multiple .blg files (up to 32) in each command. You can also pipe file path strings (in quotation marks) to Import-Counter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="true (ByValue)" position="named" aliases=""><maml:name>Counter</maml:name><maml:description><maml:para>Imports data only for the specified performance counters. By default, Import-Counter imports all data from all counters in the input files. Enter one or more counter paths. Wildcards are permitted in the Instance part of the path.</maml:para><maml:para>Each counter path has the following format. Notice that the ComputerName value is required in the path, even on the local computer.</maml:para><maml:para>"\\<ComputerName>\<CounterSet>(<Instance>)\<CounterName>"</maml:para><maml:para>For example:</maml:para><maml:para>"\\Server01\Processor(2)\% User Time"</maml:para><maml:para>"\\Server01\Processor(*)\% Processor Time</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>EndTime</maml:name><maml:description><maml:para>Imports only counter data with a timestamp less than or equal to the specified date and time. Enter a DateTime object, such as one created by the Get-Date cmdlet. By default, Import-Counter imports all counter data in the files specified by the Path parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxSamples</maml:name><maml:description><maml:para>Specifies the maximum number of samples of each counter to import. By default, Get-Counter imports all of the data in the files specified by the Path parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>StartTime</maml:name><maml:description><maml:para>Imports only counter data with a timestamp greater than or equal to the specified date and time. Enter a DateTime object, such as one created by the Get-Date cmdlet. By default, Import-Counter imports all counter data in the files specified by the Path parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Import-Counter</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the file paths of the files to be imported. This parameter is required.</maml:para><maml:para>Enter the path and file name of a, .csv,, .tsv, or .blg file that you exported by using the Export-Counter cmdlet. You can specify only one .csv or .tsv file, but you can specify multiple .blg files (up to 32) in each command. You can also pipe file path strings (in quotation marks) to Import-Counter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>ListSet</maml:name><maml:description><maml:para>Gets the performance counter sets that are represented in the exported files. Commands with this parameter do not import any data.</maml:para><maml:para>Enter one or more counter set names. Wildcards are permitted. To get all counter sets in the file, type "import-counter -listset *".</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Import-Counter</maml:name><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the file paths of the files to be imported. This parameter is required.</maml:para><maml:para>Enter the path and file name of a, .csv,, .tsv, or .blg file that you exported by using the Export-Counter cmdlet. You can specify only one .csv or .tsv file, but you can specify multiple .blg files (up to 32) in each command. You can also pipe file path strings (in quotation marks) to Import-Counter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Summary</maml:name><maml:description><maml:para>Gets a summary of the imported data, instead of getting individual counter data samples.</maml:para></maml:description></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="true" globbing="true" pipelineInput="true (ByValue)" position="named" aliases=""><maml:name>Counter</maml:name><maml:description><maml:para>Imports data only for the specified performance counters. By default, Import-Counter imports all data from all counters in the input files. Enter one or more counter paths. Wildcards are permitted in the Instance part of the path.</maml:para><maml:para>Each counter path has the following format. Notice that the ComputerName value is required in the path, even on the local computer.</maml:para><maml:para>"\\<ComputerName>\<CounterSet>(<Instance>)\<CounterName>"</maml:para><maml:para>For example:</maml:para><maml:para>"\\Server01\Processor(2)\% User Time"</maml:para><maml:para>"\\Server01\Processor(*)\% Processor Time</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue>All counter</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>EndTime</maml:name><maml:description><maml:para>Imports only counter data with a timestamp less than or equal to the specified date and time. Enter a DateTime object, such as one created by the Get-Date cmdlet. By default, Import-Counter imports all counter data in the files specified by the Path parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue>No end time</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>ListSet</maml:name><maml:description><maml:para>Gets the performance counter sets that are represented in the exported files. Commands with this parameter do not import any data.</maml:para><maml:para>Enter one or more counter set names. Wildcards are permitted. To get all counter sets in the file, type "import-counter -listset *".</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>MaxSamples</maml:name><maml:description><maml:para>Specifies the maximum number of samples of each counter to import. By default, Get-Counter imports all of the data in the files specified by the Path parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int64</command:parameterValue><dev:type><maml:name>Int64</maml:name><maml:uri /></dev:type><dev:defaultValue>No maximum</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="true" pipelineInput="true (ByValue, ByPropertyName)" position="1" aliases=""><maml:name>Path</maml:name><maml:description><maml:para>Specifies the file paths of the files to be imported. This parameter is required.</maml:para><maml:para>Enter the path and file name of a, .csv,, .tsv, or .blg file that you exported by using the Export-Counter cmdlet. You can specify only one .csv or .tsv file, but you can specify multiple .blg files (up to 32) in each command. You can also pipe file path strings (in quotation marks) to Import-Counter.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="true (ByValue, ByPropertyName)" position="named" aliases=""><maml:name>StartTime</maml:name><maml:description><maml:para>Imports only counter data with a timestamp greater than or equal to the specified date and time. Enter a DateTime object, such as one created by the Get-Date cmdlet. By default, Import-Counter imports all counter data in the files specified by the Path parameter.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">DateTime</command:parameterValue><dev:type><maml:name>DateTime</maml:name><maml:uri /></dev:type><dev:defaultValue>No start time</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Summary</maml:name><maml:description><maml:para>Gets a summary of the imported data, instead of getting individual counter data samples.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>You can pipe performance counter log paths to Import-Counter.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet, Microsoft.PowerShell.Commands.GetCounter.CounterSet, Microsoft.PowerShell.Commands.GetCounter.CounterFileInfo</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>By default, Import-Counter returns a Microsoft.PowerShell.Commands.GetCounter.PerformanceCounterSampleSet. If you use the ListSet parameter, Import-Command returns a Microsoft.PowerShell.Commands.GetCounter.CounterSet object. If you use the Summary parameter, Import-Command returns a Microsoft.PowerShell.Commands.GetCounter.CounterFileInfo object.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>The Import-Counter cmdlet does not have a ComputerName parameter. However, if the computer is configured for Windows PowerShell remoting, you can use the Invoke-Command cmdlet to run an Import-Counter command on a remote computer.</maml:para></maml:alert><maml:alert><maml:para></maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title> -------------------------- EXAMPLE 1 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$Data = Import-Counter -Path ProcessorData.csv </dev:code><dev:remarks><maml:para>This command imports all of the counter data from the ProcessorData.csv file into the $Data variable.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 2 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$i = Import-Counter -Path ProcessorData.blg -Counter "\\SERVER01\Processor(_Total)\Interrupts/sec" </dev:code><dev:remarks><maml:para>This command imports only the "Processor(_total)\Interrupts/sec" counter data from the ProcessorData.blg file into the $i variable. </maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 3 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses Import-Counter to import all of the performance counter data from the ProcessorData.blg files. The command saves the data in the $Data variable. PS C:\>$Data = Import-Counter .\ProcessorData.blg The second command displays the counter paths in the $Data variable. To get the display shown in the command output, the example uses the Format-Table cmdlet to format as a table the counter paths of the first counter in the $Data variable. PS C:\>$Data[0].CounterSamples | Format-Table -Property Path Path ---- \\SERVER01\Processor(_Total)\DPC Rate \\SERVER01\Processor(1)\DPC Rate \\SERVER01\Processor(0)\DPC Rate \\SERVER01\Processor(_Total)\% Idle Time \\SERVER01\Processor(1)\% Idle Time \\SERVER01\Processor(0)\% Idle Time \\SERVER01\Processor(_Total)\% C3 Time \\SERVER01\Processor(1)\% C3 Time The third command gets the counter paths that end in "Interrupts/sec" and saves the paths in the $IntCtrs variable. It uses the Where-Object cmdlet to filter the counter paths and the ForEach-Object cmdlet to get only the value of the Path property of each selected path object. PS C:\>$IntCtrs = $Data[0].Countersamples | Where-Object {$_.Path -like "*Interrupts/sec"} | ForEach-Object {$_.Path} The fourth command displays the selected counter paths in the $IntCtrs variable. PS C:\>$IntCtrs \\SERVER01\Processor(_Total)\Interrupts/sec \\SERVER01\Processor(1)\Interrupts/sec \\SERVER01\Processor(0)\Interrupts/sec The fifth command uses the Import-Counter cmdlet to import the data. It uses the $IntCtrs variable as the value of the Counter parameter to import only data for the counter paths in $IntCtrs. PS C:\>$i = Import-Counter -Path .\ProcessorData.blg -Counter $intCtrs The sixth command uses the Export-Counter cmdlet to export the data to the Interrupts.csv file. PS C:\>$i | Export-Counter -Path .\Interrupts.csv -Format CSV </dev:code><dev:remarks><maml:para>This example shows how to select data from a performance counter log file (.blg) and then export the selected data to a .csv file. The first four commands get the counter paths from the file and save them in a variable. The last two commands import selected data and then export only the selected data.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 4 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the ListSet parameter of the Import-Counter cmdlet to get all of the counter sets that are represented in a counter data file. PS C:\>Import-Counter -Path ProcessorData.csv -ListSet * CounterSetName : Processor MachineName : \\SERVER01 CounterSetType : MultiInstance Description : Paths : {\\SERVER01\Processor(*)\DPC Rate, \\SERVER01\Processor(*)\% Idle Time, \\SERVER01 \Processor(*)\% C3 Time, \\SERVER01\Processor(*)\% Interrupt Time...} PathsWithInstances : {\\SERVER01\Processor(_Total)\DPC Rate, \\SERVER01\Processor(1)\DPC Rate, \\SERVER01 \Processor(0)\DPC Rate, \\SERVER01\Processor(_Total)\% Idle Time...} Counter : {\\SERVER01\Processor(*)\DPC Rate, \\SERVER01\Processor(*)\% Idle Time, \\SERVER01 \Processor(*)\% C3 Time, \\SERVER01\Processor(*)\% Interrupt Time...} The second command gets all of the counter paths from the list set. PS C:\>Import-Counter -Path ProcessorData.csv -ListSet * | ForEach-Object {$_.Paths} \\SERVER01\Processor(*)\DPC Rate \\SERVER01\Processor(*)\% Idle Time \\SERVER01\Processor(*)\% C3 Time \\SERVER01\Processor(*)\% Interrupt Time \\SERVER01\Processor(*)\% C2 Time \\SERVER01\Processor(*)\% User Time \\SERVER01\Processor(*)\% C1 Time \\SERVER01\Processor(*)\% Processor Time \\SERVER01\Processor(*)\C1 Transitions/sec \\SERVER01\Processor(*)\% DPC Time \\SERVER01\Processor(*)\C2 Transitions/sec \\SERVER01\Processor(*)\% Privileged Time \\SERVER01\Processor(*)\C3 Transitions/sec \\SERVER01\Processor(*)\DPCs Queued/sec \\SERVER01\Processor(*)\Interrupts/sec </dev:code><dev:remarks><maml:para>This example shows how to display all the counter paths in a group of imported counter sets.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 5 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command lists in a table the time stamps of all of the data in the ProcessorData.blg file. PS C:\>Import-Counter -Path .\disk.blg | Format-Table –Property Timestamp The second command saves particular time stamps in the $Start and $End variables. The strings are cast to DateTime objects. PS C:\>$Start = [datetime]"7/9/2008 3:47:00 PM"; $End = [datetime]"7/9/2008 3:47:59 PM" The third command uses the Import-Counter cmdlet to get only counter data that has a time stamp between the start and end times (inclusive). The command uses the StartTime and EndTime parameters of Import-Counter to specify the range. PS C:\>Import-Counter -Path Disk.blg -StartTime $start -EndTime $end </dev:code><dev:remarks><maml:para>This example imports only the counter data that has a time stamp between the starting an ending ranges specified in the command.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 6 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the Import-Counter cmdlet to import the first (oldest) five samples from the Disk.blg file. The command uses the MaxSamples parameter to limit the import to five counter samples. PS C:\>Import-Counter -Path Disk.blg -MaxSamples 5 The second command uses array notation and the Windows PowerShell range operator (..) to get the last five counter samples from the file. These are the five newest samples. PS C:\>(Import-Counter -Path Disk.blg)[-1 .. -5] </dev:code><dev:remarks><maml:para>This example shows how to import the five oldest and five newest samples from a performance counter log file.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 7 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Import-Counter D:\Samples\memory.blg -Summary OldestRecord NewestRecord SampleCount ------------ ------------ ----------- 7/10/2008 2:59:18 PM 7/10/2008 3:00:27 PM 1000 </dev:code><dev:remarks><maml:para>This command uses the Summary parameter of the Import-Counter cmdlet to get a summary of the counter data in the Memory.blg file.</maml:para><maml:para>PS C:\></maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 8 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>The first command uses the ListSet parameter of Import-Counter to get the counters in OldData.blg, an existing counter log file. The command uses a pipeline operator (|) to send the data to a ForEach-Object command that gets only the values of the PathsWithInstances property of each object PS C:\>$Counters = Import-Counter OldData.blg -ListSet * | ForEach-Object {$_.PathsWithInstances} The second command gets updated data for the counters in the $Counters variable. It uses the Get-Counter cmdlet to get a current sample, and then export the results to the NewData.blg file. PS C:\>Get-Counter -Counter $Counters -MaxSamples 20 | Export-Counter C:\Logs\NewData.blg </dev:code><dev:remarks><maml:para>This example updates a performance counter log file.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title> -------------------------- EXAMPLE 9 -------------------------- </maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>$counters = "d:\test\pdata.blg", "d:\samples\netlog.blg" | import-counter </dev:code><dev:remarks><maml:para>This command imports performance log data from two logs and saves the data in the $Counters variable. The command uses a pipeline operator to send the performance log paths to Import-Counter, which imports the data from the specified paths.</maml:para><maml:para>Notice that each path is enclosed in quotation marks and that the paths are separated from each other by a comma.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289627</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Export-Counter</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-Counter</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>New-WinEvent</command:name><maml:description><maml:para>Creates a new Windows event for the specified event provider.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>New</command:verb><command:noun>WinEvent</command:noun><dev:version /></command:details><maml:description><maml:para>The New-WinEvent cmdlet creates an Event Tracing for Windows (ETW) event for an event provider. You can use this cmdlet to add events to ETW channels from Windows PowerShell.</maml:para><maml:para></maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>New-WinEvent</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>ProviderName</maml:name><maml:description><maml:para>Specifies the event provider that writes the event to an event log, such as "Microsoft-Windows-PowerShell". An ETW event provider is a logical entity that writes events to ETW sessions.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Id</maml:name><maml:description><maml:para>Specifies an event id that was registered through an instrumentation manifest.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>Payload</maml:name><maml:description><maml:para>Specifies the message for the event. When the event is written to an event log, the payload is stored in the Message property of the event object.</maml:para><maml:para>When the specified payload does not match the payload in the event definition, Windows PowerShell generates a warning, but the command still succeeds.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Version</maml:name><maml:description><maml:para>Specifies the version number of the event. Type the event number. Windows PowerShell converts the number to the required Byte type.</maml:para><maml:para>This parameter lets you specify an event when different versions of the same event are defined.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Byte</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="2" aliases=""><maml:name>Id</maml:name><maml:description><maml:para>Specifies an event id that was registered through an instrumentation manifest.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Int32</command:parameterValue><dev:type><maml:name>Int32</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="false" position="3" aliases=""><maml:name>Payload</maml:name><maml:description><maml:para>Specifies the message for the event. When the event is written to an event log, the payload is stored in the Message property of the event object.</maml:para><maml:para>When the specified payload does not match the payload in the event definition, Windows PowerShell generates a warning, but the command still succeeds.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Object[]</command:parameterValue><dev:type><maml:name>Object[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="1" aliases=""><maml:name>ProviderName</maml:name><maml:description><maml:para>Specifies the event provider that writes the event to an event log, such as "Microsoft-Windows-PowerShell". An ETW event provider is a logical entity that writes events to ETW sessions.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Version</maml:name><maml:description><maml:para>Specifies the version number of the event. Type the event number. Windows PowerShell converts the number to the required Byte type.</maml:para><maml:para>This parameter lets you specify an event when different versions of the same event are defined.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Byte</command:parameterValue><dev:type><maml:name>Byte</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet does not take input from the pipeline.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>This cmdlet does to generate any output.</maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><maml:alertSet><maml:title /><maml:alert><maml:para>After the provider writes the even to an eventlog, you can use the Get-WinEvent cmdlet to get the event from the event log.</maml:para></maml:alert><maml:alert><maml:para>For information about Event Tracing for Windows, see "Improve Debugging And Performance Tuning With ETW" in MSDN Magazine at http://msdn.microsoft.com/en-us/magazine/cc163437.aspx.</maml:para></maml:alert></maml:alertSet><command:examples><command:example><maml:title>Example 1</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>New-WinEvent -ProviderName Microsoft-Windows-PowerShell -Id 45090 -Payload @("Workflow", "Running") </dev:code><dev:remarks><maml:para>This command uses the New-WinEvent cmdlet to create event 45090 for the Microsoft-Windows-PowerShell provider.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289628</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Get-WinEvent</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> </helpItems> |