Exchange Event Log PowerShell Cmdlets
To view only the Exchange-related services that are currently running
Get-Service *exch* | Where-Object {$_.Status -eq 'Running'}
The following example retrieves the services from every Exchange server in the organization:
Get-ExchangeServer | ForEach-Object {Get-Service *exch* -ComputerName $_.Name | Where-Object {$_.Status -eq 'Running'}}
Get Events after specified Date
Get-EventLog -LogName application -after 1/9/2019 | where {$_.Entrytype -eq "Error"} | ft -wrap -autosize
Get Events after specified Date and Source
Get-EventLog -LogName application -after 1/9/2019 -source MSExchangeIS | Ft -wrap -autosize
Get Events after specified Date with Source only Warning and Error
Get-EventLog -LogName application -after 1/9/2019 -source MSExchangeIS | where {($_.Entrytype -eq "Warning" -or $_.Entrytype -eq "Error")} | ft -wrap -autosize
Get Specified number of Events with Source only Warning and Error
Get-EventLog -LogName application -Newest 50 -source MSExchangeIS | where {($_.Entrytype -eq "Warning" -or $_.Entrytype -eq "Error")} | ft -wrap -autosize
Get Application Events after specified Date and Entrytype with a Specified word in the Message Field
Get-EventLog -LogName application -after 1/9/2019 | where {$_.Entrytype -eq "Error"} | Where-Object { $_.Message -match "mailbox" } | ft -wrap -autosize
Get Application Events after specified Date, Source and Entrytype with a Specified word in the Message Field
Get-EventLog -LogName application -after 1/9/2019 -source MSExchangeIS | where {($_.Entrytype -eq "Warning" -or $_.Entrytype -eq "Error")} | Where-Object { $_.Message -match "mailbox" } | ft -wrap -autosize
Get Event by INDEX (unique qualifier)
Get-EventLog -LogName application -index 194201 | ft -wrap -autosize
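Sweep every Exchange server for matching Warning and Error events
The per-server loop and the event filters above can be combined into one sweep. The following is an added example, not part of the original page; it assumes the Exchange Management Shell (for Get-ExchangeServer) and remote event log access to each server, and reuses the page's date, source and search word as sample values.

```powershell
# Added example: assumes Exchange Management Shell and remote event log access.
# The filter values below are sample values taken from the commands on this page.
$query = @{
    LogName     = 'Application'
    After       = [datetime]'2019-01-09'   # ISO date avoids day/month ambiguity
    Source      = 'MSExchangeIS'
    EntryType   = 'Error', 'Warning'       # filters inside Get-EventLog, no Where-Object needed
    Message     = '*mailbox*'              # wildcard match on the message text
    ErrorAction = 'Stop'                   # turn failures into catchable exceptions
}

$events = foreach ($server in Get-ExchangeServer) {
    try {
        Get-EventLog @query -ComputerName $server.Name
    }
    catch {
        # Unreachable server or no matching entries: report it and move on
        Write-Warning "$($server.Name): $($_.Exception.Message)"
    }
}

# One row per server / event ID / severity, most frequent first
$events |
    Group-Object MachineName, EventID, EntryType |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -Wrap -AutoSize
```

The grouped output shows which server and event ID account for most of the noise; use the Index of an individual entry with the -index command above to read its full message.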