Skip to content

Exchange Event Logs CMDlets

Exchange Event Log Powershell CMDlets

To view only the Exchange-related services that are currently running

Get-Service *exch* | Where-Object {$_.Status -eq ‘Running’}

The following example retrieves the services from every Exchange server in the organization:

Get-ExchangeServer | ForEach-Object {Get-Service *exch* -ComputerName $_.Name |Where-Object {$_.Status -eq ‘Running’}}

Get Events after specified Date

Get-EventLog -LogName application -after 1/9/2019 | where {$_.Entrytype -eq “Error”} | ft -wrap -autosize

Get Events after specified Date and Source

Get-EventLog -LogName application -after 1/9/2019 -source MSExchangeIS | Ft -wrap -autosize

Get Events after specified Date with Source only Warning and Error

Get-EventLog -LogName application -after 1/9/2019 -source MSExchangeIS | where {($_.Entrytype -eq “Warning” -or $_.Entrytype -eq “Error”)} -wrap -autosize

Get Specificied number of Events with Source only Warning and Error

Get-EventLog -LogName application -Newest 50 -source MSExchangeIS | where {($_.Entrytype -eq “Warning” -or $_.Entrytype -eq “Error”)} -wrap -autosize

Get Application Events after specified Date and Entrytype with a Specified word in the Message Field

Get-EventLog -LogName application -after 1/9/2019 | where {$_.Entrytype -eq “Error”}| Where-Object { $_.Message -match “mailbox” } | ft -wrap -autosize

Get Application Events after specified Date, Source and Entrytype with a Specified word in the Message Field

Get-EventLog -LogName application -after 1/9/2019 -source MSExchangeIS | where {($_.Entrytype -eq “Warning” -or $_.Entrytype -eq “Error”)}| Where-Object { $_.Message -match “mailbox” } | ft -wrap -autosize

Get Event by INDEX (unique qualifier)

Get-EventLog -LogName application -index 194201 | ft -wrap -autosize

Leave a Reply

%d bloggers like this: