Get-WinEventAround: Finding Windows Log Events Around A Given Time
Introduction
In systems engineering, one will sometimes get a report or indication that some problem occurred at a specific time. One would then like to know what else was happening around that time. I wrote a script to achieve that. You give it a time and/or date, and it returns Event records temporally proximate to that point in time.
The PowerShell command that retrieves records from an event log or an event log file is Get-WinEvent, so this script is named Get-WinEventAround: it gets events around that time.
It does a brute-force search of every log on the system, so it can be a bit slow (especially before things are cached), but today's computers are fast, and knowledge is valuable.
Download: Get-WinEventAround.ps1
Usage
The script has documentation embedded at the start of the file. This is available using Get-Help as well.
Here are a few examples to get you started.
Get-WinEventAround 3:27PM
Retrieves events within one minute of 3:27 PM today -- that is, from 3:26 PM to 3:28 PM.
Get-WinEventAround 3pm -span 10 | select TimeCreated, Message | Out-GridView
Retrieves events within ten minutes of 3:00 PM today (from 2:50 PM to 3:10 PM). Selects only the timestamp and message fields. Displays the results in an interactive GUI table.
Get-WinEventAround -from '2023-02-15 23:00' -to 'Feb 16, 2am'
Retrieves events occurring from 11:00 PM on February 15 of 2023, to 2:00 AM on February 16 of the current year.
See the docs for more information.
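The core technique described above (a time window of plus or minus a span, swept across every log on the system) can be sketched as follows. This is an added example, not the code in Get-WinEventAround.ps1; the function name Get-EventsNear and its parameters are hypothetical.

```powershell
# Added illustration; Get-EventsNear and its parameters are hypothetical names,
# not taken from Get-WinEventAround.ps1.
function Get-EventsNear {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [datetime] $Time,  # '3:27PM' parses as today
        [double] $SpanMinutes = 1                 # window is Time +/- this many minutes
    )

    $start = $Time.AddMinutes(-$SpanMinutes)
    $end   = $Time.AddMinutes($SpanMinutes)

    # Enumerate every log on the system and skip those reporting no records.
    # Logs the caller cannot read (for example Security without elevation)
    # raise errors, which are suppressed so the sweep continues.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }

    $found = foreach ($log in $logs) {
        # FilterHashtable hands the time filter to the event log service
        # instead of pulling every record and filtering in PowerShell.
        $filter = @{ LogName = $log.LogName; StartTime = $start; EndTime = $end }
        # Get-WinEvent reports "no matching events" as an error; ignore it.
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    }

    # Merge the per-log results into a single timeline.
    $found | Sort-Object TimeCreated
}

# Example: events within ten minutes of 3:00 PM today.
Get-EventsNear -Time '3pm' -SpanMinutes 10 |
    Select-Object TimeCreated, LogName, Id, LevelDisplayName, Message
```

Run it from an elevated session if the Security log should be included; without elevation that log is silently skipped and the timeline will be incomplete.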