我创建了自己的事件日志,名为ScriptEvents,我使用一些脚本来写入.我想做的是运行这些命令(或类似的东西):
- Get-WinEvent -FilterHashtable @{logname='ScriptEvents'; id=1} -MaxEvents 1
- Get-WinEvent -FilterHashtable @{logname='ScriptEvents'; id=0} -MaxEvents 1
然后比较他们的TimeCreated值并在第一个事件早于第二个事件时执行操作.
这是这些命令的输出:
- ProviderName: PauseSnapshots
- TimeCreated Id LevelDisplayName Message
- ----------- -- ---------------- -------
- 9/26/2013 11:58:07 AM 1 Information Replication has been paused....
- ProviderName: ResumeSnapshots
- TimeCreated Id LevelDisplayName Message
- ----------- -- ---------------- -------
- 9/26/2013 1:30:42 PM 0 Information Replication has been resumed....
任何帮助,将不胜感激.
我可能只是使用Get-Date并比较DateTime对象.以下将使用您提供的值返回True.
- $evtOne = Get-WinEvent -FilterHashtable @{logname='ScriptEvents'; id=1} -MaxEvents 1
- $evtTwo = Get-WinEvent -FilterHashtable @{logname='ScriptEvents'; id=0} -MaxEvents 1
- (Get-Date $evtOne.TimeCreated) -lt (Get-Date $evtTwo.TimeCreated)
