1

I'm trying to read boot duration from Event Viewer via PowerShell. This is the command I use:

Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-Diagnostics-Performance/Operational"; id=100}

But I get this error message:

Get-WinEvent : No events were found that match the specified selection criteria.
At line:1 char:15
+ ... ootevents = Get-WinEvent -FilterHashtable @{logname="Microsoft-Window ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
  • please format your question using the code tags inside the editor. This will help with readability. – Tarick Welling Jun 12 at 11:32
0

To get this information, you must run PowerShell as Administrator.

Then the below will probably do what you want:

Get-WinEvent -FilterHashtable @{LogName="Microsoft-Windows-Diagnostics-Performance/Operational"; Id=100} -MaxEvents 10 | ForEach-Object {
    # convert the event to XML and grab the Event node
    $eventXml = ([xml]$_.ToXml()).Event
    # output 
    [PSCustomObject]@{
        'Computer' = $eventXml.System.Computer
        'BootTime' = [int64]($eventXml.EventData.Data | Where-Object {$_.Name -eq 'BootTime'}).InnerXml
        'BootFinished' = [datetime]($eventXml.EventData.Data | Where-Object {$_.Name -eq 'BootEndTime'}).InnerXml
    }
}

The output will be something like this:

Computer BootTime BootFinished      
-------- -------- ------------      
YourPC   118733   12-6-2019 15:17:42
YourPC    40259   12-6-2019 11:40:11
YourPC    43884   12-6-2019 6:00:27 
YourPC    46158   11-6-2019 12:26:17
YourPC    37759   11-6-2019 10:00:30
YourPC    53178   11-6-2019 6:49:03 
YourPC    49745   10-6-2019 16:25:59
YourPC    39130   10-6-2019 11:14:59
YourPC    57165   10-6-2019 6:57:30 
YourPC    48230   9-6-2019 11:03:02

P.S. 'BootTime' is the number of milliseconds. The date format d-MM-yyyy HH:mm:ss is the default on my Dutch computer.
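
As an added example (not code from the question or the answer above), the function below separates the possible causes behind the `NoMatchingEventsFound` error in the question: a session that is not elevated, a disabled log, or a log that holds no ID 100 events. The names `Test-IsElevated` and `Get-BootDuration` are hypothetical; the field names `BootTime` and `BootEndTime` are the ones used in the answer.

```powershell
# Added example: diagnose an empty result before parsing boot events (ID 100).
function Test-IsElevated {
    # True when the current token is a member of the local Administrators role
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-BootDuration {
    [CmdletBinding()]
    param(
        [string]$LogName = 'Microsoft-Windows-Diagnostics-Performance/Operational',
        [int]$MaxEvents = 10
    )
    if (-not (Test-IsElevated)) {
        Write-Warning 'Session is not elevated; the answer above states this log needs Administrator rights.'
    }
    try {
        # Log metadata tells a disabled or empty log apart from a filter that matches nothing
        $log = Get-WinEvent -ListLog $LogName -ErrorAction Stop
        if (-not $log.IsEnabled) { Write-Warning "Log '$LogName' is disabled." }
        Write-Verbose "Log '$LogName' holds $($log.RecordCount) records."
        $found = Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 100 } `
                              -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            Write-Warning 'No event ID 100 could be read (session not elevated, or no boot events recorded).'
            return
        }
        throw   # anything else (access denied, unknown log name) is surfaced unchanged
    }
    foreach ($evt in $found) {
        # Index the <Data Name="..."> nodes by name so each field is a single lookup
        $fields = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $fields[$node.Name] = $node.'#text'
        }
        [PSCustomObject]@{
            Computer     = $evt.MachineName
            BootSeconds  = [math]::Round([int64]$fields['BootTime'] / 1000, 1)  # BootTime is in milliseconds
            BootFinished = [datetime]$fields['BootEndTime']
        }
    }
}

Get-BootDuration -Verbose | Format-Table -AutoSize
```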
