I am using PowerShell 4 and trying to parse an archived event log into a CSV file that includes all of the data and has headers associated with them. The closest I have been able to come is by using the following command:
Get-WinEvent -Path .\Security.evtx |Select-Object TimeCreated, ProviderName, Id, Message, Level, Keyword, UserID, Data, Subject, SubjectUserSid, SubjectUserName, SubjectLogonId, ComputerName | Export-Csv .\Logging.csv
This gives me all the header information for all of the fields in the csv file but the only fields that contain data are TimeCreated, ProviderName, ID, Level, & Message. I am trying to get the missing data into columns also but not succeeding. So what am I doing wrong here?
This was copied from an edit to the question itself, and should be credited to the original question author.
OK, I finally figured it out... at least for what I need to accomplish. Hopefully this will help someone.
Get-WinEvent -Path .\Security.evtx | select TimeCreated, ProviderName, Id, @{n='Message';e={$_.Message -replace '\s+', " "}} | Export-Csv .\Logging.csv
This code allows you to export the archived event log into CSV with headers and puts the whole message body into one cell, which allows import into a database with ease when you have no tools to work with.
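The columns the question asks for (SubjectUserSid, SubjectUserName, SubjectLogonId) are not properties of the objects Get-WinEvent returns; they are named Data elements inside each event's XML. The following is an added example, not code from either poster, that flattens those elements into columns; the function name ConvertTo-FlatEvent and the two sample events are constructed for illustration.

```powershell
# Added example: turn one event's XML (as returned by $_.ToXml()) into a flat row.
function ConvertTo-FlatEvent {
    param([Parameter(Mandatory = $true)][string]$EventXml)
    $xml = [xml]$EventXml
    $sys = $xml.Event.System
    $row = [ordered]@{
        TimeCreated  = $sys['TimeCreated'].GetAttribute('SystemTime')
        ProviderName = $sys['Provider'].GetAttribute('Name')
        Id           = $sys['EventID'].InnerText
        ComputerName = $sys['Computer'].InnerText
    }
    # Each <Data Name="..."> under <EventData> becomes its own column.
    foreach ($d in $xml.Event.EventData.Data) {
        if ($d -is [System.Xml.XmlElement] -and $d.HasAttribute('Name')) {
            $row[$d.GetAttribute('Name')] = $d.InnerText
        }
    }
    [pscustomobject]$row
}

# Constructed, trimmed sample events standing in for real $_.ToXml() output.
$tpl = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" />
    <EventID>{0}</EventID>
    <TimeCreated SystemTime="2024-01-01T00:00:0{1}Z" />
    <Computer>HOST01.example.test</Computer>
  </System>
  <EventData>{2}</EventData>
</Event>
'@
$samples = @(
    ($tpl -f 4624, 1, '<Data Name="SubjectUserName">alice</Data><Data Name="SubjectLogonId">0x3e7</Data>'),
    ($tpl -f 4634, 2, '<Data Name="TargetUserName">alice</Data><Data Name="LogonType">2</Data>')
)

$rows = $samples | ForEach-Object { ConvertTo-FlatEvent $_ }
# For a real log: $rows = Get-WinEvent -Path .\Security.evtx | ForEach-Object { ConvertTo-FlatEvent $_.ToXml() }

# Export-Csv / ConvertTo-Csv take their columns from the first object only,
# so build the union of all property names before exporting mixed event IDs.
$cols = $rows | ForEach-Object { $_.PSObject.Properties.Name } | Select-Object -Unique
$rows | Select-Object -Property $cols | ConvertTo-Csv -NoTypeInformation
```

Replace ConvertTo-Csv with Export-Csv .\Logging.csv to write the file. The union step holds every row in memory, so on a large archive narrow the input first (for example with Get-WinEvent's -FilterXPath parameter).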