Often if any issue happens, then we have to check what happened to service by checking the event viewer logs.

We can check the event viewer log data by searching keywords using below command

Get-EventLog -LogName $Appname -Newest 10 -Message "*$EventMessage*"

You can do it in multiple servers using invoke-command

Invoke-command -computername server1,server2 -scriptblock{Get-EventLog -LogName $Appname -Newest 10 -Message "*$EventMessage*" }

It internally uses PowerShell remoting.

You can use the below method to search data . but it uses dcom protocol to connect and search data

Get-EventLog -ComputerName $Server -LogName $Appname | Where-Object { $_.Message -like "*$($EventMessage)*"}|select -First 10 *

What if we want to search servers parallelly.

workflow parallelEventCheck {

param(

[String[]]$ComputerName,

[string]$EventMessage,

[string[]]$ApplicationList

)

foreach –parallel ($Appname in $ApplicationList)

{

inlinescript{

Get-EventLog -LogName $Using:Appname -Newest 10 -Message "*$Using:EventMessage*"

}

}

}#parallelEventCheck

parallelEventCheck -PSComputerName `

Server1,Server2

-EventMessage Error `

-ApplicationList ‘Application’,’System’ |out-gridview

The DCOM will run 5 in parallel by default.

The WSMAN will run 32 in parallel by default.

Using DCOM Method:

workflow parallelEventCheck {

param(

[String[]]$ComputerName,

[string]$EventMessage,

[string[]]$ApplicationList

)

foreach –parallel ($CN in $ComputerName)

{

Write-Warning "Computer is $CN"

foreach –parallel ($Appname in $ApplicationList)

{

Write-Warning "AppName is $AppName"

InlineScript

{

Get-EventLog -LogName $Using:Appname -Newest 100 -Message "*$Using:EventMessage*" -CN $Using:CN |

Select MachineName,* -EA 0

}

}#ApplicationList

}#Computername

}#parallelEventCheck

parallelEventCheck -ComputerName Server1, Server2-EventMessage error -ApplicationList System

Regards,

Chaitanya