[SOLVED] Include only the run date data in the WININIT output.

[PAB]

Good afternoon,

I have this code which does work and is run from a batch file . . .

Code: Select all

set "Log=%userprofile%\Desktop\WinInit_Log.txt"

Powershell -Command "& "Get-winevent -FilterHashTable @{logname='Application'; id='1001'}^|?{$_.providername -match 'wininit'} ^| fl timecreated, message ^| out-file '%Log%'"

The output includes ALL previous run data as well as the latest run data.

Is there a way to ONLY output the latest run data and exclude ALL the previous run data please?

As an extra question please. Is there a similar code that can be run on Win Vista [the above code doesn't work on Vista]. Just curious really! I know that the data can be viewed using Event Viewer => Windows Logs => Application => Actions => Filter => Event Sources => wininit.

Thanks in advance.

[aGerman]

That's rather related to PowerShell than a Batch question.
Try to pipe the output of where-object (?{...}) to

Code: Select all

select-object -first 1

Steffen

[PAB]

Thank you so much for the reply!

I am being a bit slow today, I don't quite follow what you mean or how I can incorporate that into the existing script.

Thanks in advance.

[aGerman]

Code: Select all

Powershell -Command "& "Get-winevent -FilterHashTable @{logname='Application'; id='1001'}^|?{$_.providername -match 'wininit'} ^| select-object -first 1 ^| fl timecreated, message ^| out-file '%Log%'"

… not tested though …

Steffen

[PAB]

Brilliant, thank you aGerman!