PowerShell - Get-WinEvent


I have been looking all over the place just to figure out what this "Level" means when running Get-WinEvent.

For example,

Get-WinEvent -FilterHashtable @{logname='application'; level=2; starttime=$time; id=20}

What does level=2 represent here? The reason I am asking is that I am trying to validate the severity of each log: does that level=2 represent anything related to severity?

2

There are 2 best solutions below

1
On

See this link for more info. MSDN

Effectively you're looking for a winmeta.xml file, but it'll have these for the base values:

  • LogAlways: 0,
  • Critical: 1,
  • Error: 2,
  • Warning: 3,
  • Information: 4,
  • Verbose: 5,
  • rest below 16 are reserved
3
On

Let's try and find out:

#Get sample object
$t = Get-WinEvent -MaxEvents 1 -FilterHashtable @{ Logname='application'; level=2 }

#Explore properties and type
$t.GetType().Fullname
System.Diagnostics.Eventing.Reader.EventLogRecord

A quick MSDN search for EventLogRecord points us to the EventLogRecord.Level property:

Gets the level of the event. The level signifies the severity of the event. For the name of the level, get the value of the LevelDisplayName property.

#Check out Level vs LevelDisplayName
$t | Format-Table -Property Level, LevelDisplayName -AutoSize

Level LevelDisplayName
----- ----------------
    2 Error 

A quick search in my log to list some level-values:

Get-WinEvent @{ logname='application' } | Select-Object Level, LevelDisplayName -Unique | Sort-Object Level

Level LevelDisplayName
----- ----------------
    0 Information     
    2 Error           
    3 Warning         
    4 Information     

It also says on the Level-property page that it uses the StandardEventLevel enum, so let's list its values:

[enum]::GetValues([System.Diagnostics.Eventing.Reader.StandardEventLevel]) | Select-Object {$_}, {$_.value__ }

           $_ $_.value__ 
           -- -----------
    LogAlways           0
     Critical           1
        Error           2
      Warning           3
Informational           4
      Verbose           5
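
The level values listed in both answers can be used to triage events by severity. The block below is an added example, not code from either answer: `Select-EventBySeverity` is a hypothetical helper name and the sample records are constructed stand-ins for `Get-WinEvent` output. It keeps events at or above a chosen severity while leaving out level 0 (LogAlways), which the log listing above displays as "Information".

```powershell
function Select-EventBySeverity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$InputObject,

        # Least severe level to keep; Warning keeps Critical, Error and Warning
        [System.Diagnostics.Eventing.Reader.StandardEventLevel]$MinimumSeverity = 'Warning'
    )
    process {
        $level = [int]$InputObject.Level
        # A lower number is more severe, except 0 (LogAlways), which carries no
        # severity. A plain "-le 3" test would let those events through as if
        # they outranked Critical, so require level >= 1 explicitly.
        if ($level -ge 1 -and $level -le [int]$MinimumSeverity) {
            [pscustomobject]@{
                TimeCreated  = $InputObject.TimeCreated
                Id           = $InputObject.Id
                Level        = $level
                # Name taken from the enum rather than LevelDisplayName
                Severity     = [string][System.Diagnostics.Eventing.Reader.StandardEventLevel]$level
                ProviderName = $InputObject.ProviderName
            }
        }
    }
}

# Constructed sample records (only the properties the helper reads)
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-01T10:00:00'; Id = 20;  Level = 2; ProviderName = 'SampleProviderA' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-01T10:01:00'; Id = 900; Level = 0; ProviderName = 'SampleProviderB' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-01T10:02:00'; Id = 901; Level = 4; ProviderName = 'SampleProviderB' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-01T10:03:00'; Id = 300; Level = 3; ProviderName = 'SampleProviderC' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-01T10:04:00'; Id = 400; Level = 1; ProviderName = 'SampleProviderC' }
)

# Count the kept events per severity name
$sample | Select-EventBySeverity -MinimumSeverity Warning |
    Group-Object -Property Severity -NoElement |
    Sort-Object -Property Name

# On a Windows host the same filter can be pushed into the query itself,
# because the Level key of -FilterHashtable accepts an array of integers:
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 1, 2, 3 } |
#     Select-EventBySeverity -MinimumSeverity Warning
```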