This is part 6 of my series of the most common PowerShell
errors that are made in my PowerShell classes.
I will be posting one a day to help you understand why an error occurred
and what the error’s meaning is.
Today’s error: Table columns are empty of property values
Here is our starting code:
Get-EventLog -LogName
Security -Newest
5 |
Select-Object
-Property Name, InstanceID, Timewritten
And here is the full error:
Name
InstanceId TimeWritten
----
---------- -----------
4634 12/10/2015 10:03:45 AM
4624 12/10/2015 10:03:45 AM
4672 12/10/2015 10:03:45 AM
4634 12/10/2015 10:03:25 AM
4624 12/10/2015 10:03:25 AM
No error message is provided, but we can see that the Name property is empty.
Resolution:
Discover the true name of the property.
Many times in my classes, my students make an assumption
about the name of an objects property.
When they do, they produce output with missing data. Always pipe your objects to Get-Member so you can see the actual
property names to use.
Get-EventLog -LogName
Security -Newest
5 | GM
TypeName:
System.Diagnostics.EventLogEntry#Security/Microsoft-Windows-Security-Auditing/4672
Name
MemberType Definition
----
---------- ----------
Disposed
Event System.EventHandler
Disposed(System.Object, System....
CreateObjRef
Method
System.Runtime.Remoting.ObjRef CreateObjRef(type re...
Dispose
Method void Dispose(),
void IDisposable.Dispose()
Equals
Method bool
Equals(System.Diagnostics.EventLogEntry otherE...
GetHashCode
Method int
GetHashCode()
GetLifetimeService
Method System.Object
GetLifetimeService()
GetObjectData
Method void
ISerializable.GetObjectData(System.Runtime.Ser...
GetType
Method type GetType()
InitializeLifetimeService Method System.Object
InitializeLifetimeService()
ToString
Method string
ToString()
Category
Property string Category
{get;}
CategoryNumber
Property int16
CategoryNumber {get;}
Container
Property
System.ComponentModel.IContainer Container {get;}
Data
Property byte[] Data
{get;}
EntryType
Property
System.Diagnostics.EventLogEntryType EntryType {get;}
Index
Property int Index
{get;}
InstanceId
Property long InstanceId
{get;}
MachineName
Property string MachineName
{get;}
Message
Property string Message
{get;}
ReplacementStrings
Property string[]
ReplacementStrings {get;}
Site
Property
System.ComponentModel.ISite Site {get;set;}
Source
Property string Source
{get;}
TimeGenerated
Property datetime
TimeGenerated {get;}
TimeWritten
Property datetime
TimeWritten {get;}
UserName
Property string UserName
{get;}
EventID
ScriptProperty System.Object EventID {get=$this.get_EventID() -ban...
If you need to see the values of the properties to help you
decide which one to use, pipe a single object to Select *.
Get-EventLog -LogName
Security -Newest
1 |
Select *
EventID :
4634
MachineName :
DC.PowerIT.com
Data : {}
Index :
428365
Category :
(12545)
CategoryNumber :
12545
EntryType :
SuccessAudit
Message : An
account was logged off.
Subject:
Security ID: S-1-5-18
Account Name: DC$
Account Domain: POWERIT
Logon ID: 0x21bc1a
Logon Type: 3
This event is generated when a logon session is destroyed. It may be
positively correlated with a logon event using the Logon ID value. Logon
IDs are only unique between reboots on the same computer.
Source :
Microsoft-Windows-Security-Auditing
ReplacementStrings : {S-1-5-18, DC$, POWERIT, 0x21bc1a...}
InstanceId :
4634
TimeGenerated :
12/10/2015 10:07:45 AM
TimeWritten :
12/10/2015 10:07:45 AM
UserName :
Site :
Container
:
Once you discover the correct property name, then change
your code
Get-EventLog -LogName
Security -Newest
5 |
Select-Object
-Property Source, InstanceID, Timewritten
Source InstanceId
TimeWritten
------
---------- -----------
Microsoft-Windows-Security-A... 4634 12/10/2015
10:06:45 AM
Microsoft-Windows-Security-A... 4624 12/10/2015
10:06:45 AM
Microsoft-Windows-Security-A... 4672 12/10/2015
10:06:45 AM
Microsoft-Windows-Security-A... 4634 12/10/2015 10:06:28 AM
Microsoft-Windows-Security-A... 4624 12/10/2015
10:06:28 AM
Comments