我正在尝试从存档的事件日志文件中检索一些与错误和警告相关的信息。使用下面的查询可以忽略certein事件id,但需要忽略来自特定源的仅的事件id
下面的查询使ia m试图忽略那些事件id来获取输出,但查找可以是事件id&;来源(提供者名称(组合
Get-WinEvent -Oldest -FilterHashtable @{Path="20210317_system - Copy.evt" ;Level= 2,3} | Where-Object {$_.ID -ne "4"} | Where-Object {$_.ID -ne "36"} | Where-Object {$_.ID -ne "1111"} | Where-Object {$_.ID -ne "2004"} | Where-Object {$_.ID -ne "10010"} | Where-Object {$_.ID -ne "15300"} | Where-Object {$_.ID -ne "15301"}
使用not in,而不是多个where-object
Get-WinEvent -Oldest -FilterHashtable @{Path="20210317_system - Copy.evt"
;Level= 2,3} | Where-Object {$_.ID -notin (1,2,34)}
解决方案是可以这样使用它我用这个例子试了一下-notin。Get-WinEvent-Oldest-FilterHashtable@{Path="20210317_system-Copy.evt"Level=2,3}| Where Object{$.ProviderName-notin("b57nd60a","Microsoft Windows时间服务","终端服务打印机","资源消耗检测器","DistributedCOM","HTTPevent"(-或$.ID-notin 01530015301(},但是当我过去常常忽略/否定情况,我需要在两者之间使用"或"条件,我认为这是匹配还是不匹配