How can I grep for a String in a powershell output using "|"?

Question

It seems like in powershell,

echo ASDF | Select-String ASDF

outputs the obvious string, ASDF.

However, if i attempt to look at WinEvents, and look for an output, i.e.

Get-WinEvent -ListLog * | Select-String antrea

It seems as if the raw text is not scanned.

Whats the right way to use Select-STring as if it were a standard unix Grep ?

Answer 1

Pipelines in PowerShell are slightly different from UNIX style shells - instead of passing string output from one command to the next, PowerShell passes raw .NET object references.

So you'll want to inspect the properties of the objects returned by Get-WinEvent - here using the Where-Object cmdlet:

Get-WinEvent -ListLog * |Where-Object LogName -Match SSH

---

If you want to inspect which properties are available on a specific object, use the Get-Member cmdlet:

PS ~> Get-WinEvent -ListLog * |Get-Member -MemberType Property

   TypeName: System.Diagnostics.Eventing.Reader.EventLogConfiguration

Name                           MemberType Definition
----                           ---------- ----------
IsClassicLog                   Property   bool IsClassicLog {get;}
IsEnabled                      Property   bool IsEnabled {get;set;}
LogFilePath                    Property   string LogFilePath {get;set;}
LogIsolation                   Property   System.Diagnostics.Eventing.Reader.EventLogIsolation LogIsolation {get;}
LogMode                        Property   System.Diagnostics.Eventing.Reader.EventLogMode LogMode {get;set;}
LogName                        Property   string LogName {get;}
LogType                        Property   System.Diagnostics.Eventing.Reader.EventLogType LogType {get;}
MaximumSizeInBytes             Property   long MaximumSizeInBytes {get;set;}
OwningProviderName             Property   string OwningProviderName {get;}
ProviderBufferSize             Property   System.Nullable[int] ProviderBufferSize {get;}
ProviderControlGuid            Property   System.Nullable[guid] ProviderControlGuid {get;}
ProviderKeywords               Property   System.Nullable[long] ProviderKeywords {get;set;}
ProviderLatency                Property   System.Nullable[int] ProviderLatency {get;}
ProviderLevel                  Property   System.Nullable[int] ProviderLevel {get;set;}
ProviderMaximumNumberOfBuffers Property   System.Nullable[int] ProviderMaximumNumberOfBuffers {get;}
ProviderMinimumNumberOfBuffers Property   System.Nullable[int] ProviderMinimumNumberOfBuffers {get;}
ProviderNames                  Property   System.Collections.Generic.IEnumerable[string] ProviderNames {get;}
SecurityDescriptor             Property   string SecurityDescriptor {get;set;}