将值动态传递给get-winevent

Question

我使用下面的代码将值传递给Get-Winevent，但遇到编译问题，仅当存在值时才传递值，请建议

$StartDate  = Read-Date "Enter the start date of the logs, Ex: 17/07/2017 or 17/07/2017 09:00:00"
$EndDate    = Read-Date "Enter the End date of the logs, Ex: 19/07/2017 or 19/07/2017 10:00:00"
$Message    = Read-Host $prompt 'Message/String to search'

if ($StartDate) {
    $params['StartTime'] = $StartDate
}

if ($EndDate) { 
    $params['endtime'] = $EndDate
}

$Event_Logs_Content = Get-WinEvent -FilterHashtable {@params}

Answer 1

此选项将列出所有可用日志，因为您可以看到"-logname“后的星号，值得过滤到特定的日志。

$StartDate  = Read-Date "Enter the start date of the logs, Ex: 17/07/2017 or 17/07/2017 09:00:00"
$EndDate    = Read-Date "Enter the End date of the logs, Ex: 19/07/2017 or 19/07/2017 10:00:00"
$Message    = Read-Host $prompt 'Message/String to search'

$StartDate=get-date $StartDate -format "yyyy-MM-ddTHH:mm:ss"
$EndDate=get-date $EndDate -format "yyyy-MM-ddTHH:mm:ss"

$Event_Logs_Content = Get-EventLog -LogName * -After $StartDate -Before $EndDate