Get-WinEvent -FilterHashTable with multiple IDs in a variable not working

powershell event-log

10,934

In your examples, with multiple IDs, you are doing two different things.

$EventId = "4625,4740" defines a string. Your working example uses an integer array defined as comma separated numbers.

Just change it to $EventId = 4625,4740 (remove the quotes) and that should work. Looking at the documentation for Get-WinEvent and the -FilterHashTable we see:

-- ID=<Int32[]>

So it is expecting an array and not a string.

10,934

Author by

adriansroaming

Updated on June 04, 2022

Comments

adriansroaming almost 2 years

This work for me:

Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = 4625,4740}

(.... results I expect...)

This works:

$EventId = "4625"

Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId}

This doesn't work:

$EventId = "4625,4740"

Get-WinEvent -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventId}

Error...

  Get-WinEvent : No events were found that match the specified selection criteria.
At line:1 char:13
+ Get-WinEvent <<<<  -FilterHashTable @{Logname = "ForwardedEvents" ; ID = $EventIds}
+ CategoryInfo          : ObjectNotFound: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand

Can anyone help please?