ProviderName: Microsoft-Windows-Security-SPP
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
2020-09-01 7:42:39 PM 16384 Information Successfully scheduled Software Protection service for re-start at…
2020-09-01 7:42:08 PM 16394 Information Offline downlevel migration succeeded.
ProviderName: ESENT
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
2020-09-01 7:37:15 PM 642 Warning svchost (3376,D,22) SRUJet: The database format feature version 91…
2020-09-01 7:18:38 PM 642 Warning svchost (3376,D,12) SRUJet: The database format feature version 90…
2020-09-01 7:18:37 PM 642 Warning svchost (3376,D,50) SRUJet: The database format feature version 91…
2020-09-01 7:18:32 PM 642 Warning DllHost (3112,D,12) Microsoft.Windows.Search_cw5n1h2txyewy_NOEDP_L…
2020-09-01 7:18:32 PM 642 Warning DllHost (3112,D,50) Microsoft.Windows.Search_cw5n1h2txyewy_NOEDP_L…
PS C:\Users\bob> Get-WinEvent application | group-object -property id
Count Name Group
----- ---- -----
102 0 {System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader…
5 1 {System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader…
13 5 {System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader…
163 15 {System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader…
41 63 {System.Diagnostics.Eventing.Reader.EventLogRecord, ...
PS C:\Users\bob> $errorGroup = Get-WinEvent application | where LevelDisplayName -match 'error' | group-object -property id | sort count -descending
PS C:\Users\bob> $errorGroup
Count Name Group
----- ---- -----
5 1000 {System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader…
4 8317 {System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader…
2 1002 {System.Diagnostics.Eventing.Reader.EventLogRecord, System.Diagnostics.Eventing.Reader…
1 257 {System.Diagnostics.Eventing.Reader.EventLogRecord}
1 264 {System.Diagnostics.Eventing.Reader.EventLogRecord}
PS C:\Users\bob> $errorGroup[0] | select -ExpandProperty Group
ProviderName: Application Error
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
2020-08-30 8:19:37 AM 1000 Error Faulting application name: stellaris.exe, version: 1.0.0.0, time s…
2020-08-30 8:19:20 AM 1000 Error Faulting application name: stellaris.exe, version: 1.0.0.0, time s…
2020-08-30 8:18:47 AM 1000 Error Faulting application name: stellaris.exe, version: 1.0.0.0, time s…
2020-08-30 8:13:55 AM 1000 Error Faulting application name: stellaris.exe, version: 1.0.0.0, time s…
2020-08-30 8:08:05 AM 1000 Error Faulting application name: stellaris.exe, version: 1.0.0.0, time s
PS C:\Users\bob> $errorGroup[0] | select -ExpandProperty Group | select -ExpandProperty Message
Faulting application name: stellaris.exe, version: 1.0.0.0, time stamp: 0x5ce81456
Faulting module name: stellaris.exe, version: 1.0.0.0, time stamp: 0x5ce81456
Exception code: 0xc0000005
Fault offset: 0x0000000000e98421
Faulting process id: 0xae8
Faulting application start time: 0x01d67ed892431a15
Faulting application path: C:\HYT\Stellaris Ancient Relics\stellaris.exe
Faulting module path: C:\HYT\Stellaris Ancient Relics\stellaris.exe
Report Id: 29eec838-b629-45a8-8c57-37638131bd59
Faulting package full name:
Faulting package-relative application ID:
Faulting application name: stellaris.exe, version: 1.0.0.0, time stamp: 0x5ce81456
Faulting module name: stellaris.exe, version: 1.0.0.0, time stamp: 0x5ce81456
Exception code: 0xc0000005
Fault offset: 0x0000000000e98421...
reference:
No comments:
Post a Comment