ps/Modules/Alkami.PowerShell.Services/Public/Get-ServiceStartupFailuresFromEventLog.ps1

function Get-ServiceStartupFailuresFromEventLog {
<#
.SYNOPSIS
    Get the (recent) service startup failures from the event log
    Defaults to the past 12 hours

.PARAMETER Since
    Specify a time to search from. See also -Until

.PARAMETER Until
    Specify a time to search to. Requires -Since

.PARAMETER LastHours
    Specify a number of most recent hours to search for. Defaults to the last 12 hours

.PARAMETER ServiceName
    Specify a service name fragment to search for.

.PARAMETER Readable
    [switch] Produce slightly more parseable output at the cost of record details
#>
    [CmdletBinding(DefaultParameterSetName = 'LastHours')]
    [OutputType([object[]])]
    param (
        [Parameter(Mandatory = $true, ParameterSetName = 'Since')]
        [System.DateTime]$Since,
        [Parameter(Mandatory = $false, ParameterSetName = 'Since')]
        [System.DateTime]$Until,
        [Parameter(Mandatory = $false, ParameterSetName = 'LastHours')]
        [ValidateScript({if ($_ -ne 0) { $true } else {throw "0 is invalid, please specify a number of hours to search since"}})]
        [int]$LastHours = 12,
        [Parameter(Mandatory = $false)]
        [Alias('Message')]
        [Alias('match')]
        [Alias('Contains')]
        [string]$ServiceName = '',
        [Parameter(Mandatory = $false)]
        [switch]$Readable
    )

    $logLead = Get-LogLeadName

    # 10,000 in this case is a magic string with no real value chosen behind it
    # "a very large number"
    if ((Get-WinEvent -ListLog Application).RecordCount -gt 10000) {
        Write-Host "$logLead : This process takes a while to return all the records depending on how many are in the event log"
    }

    if ($PSCmdlet.ParameterSetName -eq 'LastHours') {
        if ($LastHours -gt 0) {
            $LastHours = $LastHours * -1
        }
        $Since = [System.DateTime]::Now.AddHours($LastHours)
    }

    $splat = @{
        StartTime = $Since
        LogName = 'Application'
        ProviderName = 'Application Error'
        Id = 1000 # magic number
    }

    if ($null -ne $Until) {
        $splat.EndTime = $Until
    }

    $records = (Get-WinEvent -FilterHashtable $splat)
    if (-not (Test-StringIsNullOrWhitespace($ServiceName))) {
        $records = $records | Where-Object { $_.Properties.Value -match $ServiceName -or $_.Message -match $ServiceName }
    }

    if ($Readable) {
        $records | Format-Table -Property TimeCreated,Message -Wrap
    } else {
        return $records
    }
}
First full commit 2023-05-30 22:51:22 -07:00			`function Get-ServiceStartupFailuresFromEventLog {`
			`<#`
			`.SYNOPSIS`
			`Get the (recent) service startup failures from the event log`
			`Defaults to the past 12 hours`

			`.PARAMETER Since`
			`Specify a time to search from. See also -Until`

			`.PARAMETER Until`
			`Specify a time to search to. Requires -Since`

			`.PARAMETER LastHours`
			`Specify a number of most recent hours to search for. Defaults to the last 12 hours`

			`.PARAMETER ServiceName`
			`Specify a service name fragment to search for.`

			`.PARAMETER Readable`
			`[switch] Produce slightly more parseable output at the cost of record details`
			`#>`
			`[CmdletBinding(DefaultParameterSetName = 'LastHours')]`
			`[OutputType([object[]])]`
			`param (`
			`[Parameter(Mandatory = $true, ParameterSetName = 'Since')]`
			`[System.DateTime]$Since,`
			`[Parameter(Mandatory = $false, ParameterSetName = 'Since')]`
			`[System.DateTime]$Until,`
			`[Parameter(Mandatory = $false, ParameterSetName = 'LastHours')]`
			`[ValidateScript({if ($_ -ne 0) { $true } else {throw "0 is invalid, please specify a number of hours to search since"}})]`
			`[int]$LastHours = 12,`
			`[Parameter(Mandatory = $false)]`
			`[Alias('Message')]`
			`[Alias('match')]`
			`[Alias('Contains')]`
			`[string]$ServiceName = '',`
			`[Parameter(Mandatory = $false)]`
			`[switch]$Readable`
			`)`

			`$logLead = Get-LogLeadName`

			`# 10,000 in this case is a magic string with no real value chosen behind it`
			`# "a very large number"`
			`if ((Get-WinEvent -ListLog Application).RecordCount -gt 10000) {`
			`Write-Host "$logLead : This process takes a while to return all the records depending on how many are in the event log"`
			`}`

			`if ($PSCmdlet.ParameterSetName -eq 'LastHours') {`
			`if ($LastHours -gt 0) {`
			`$LastHours = $LastHours * -1`
			`}`
			`$Since = [System.DateTime]::Now.AddHours($LastHours)`
			`}`

			`$splat = @{`
			`StartTime = $Since`
			`LogName = 'Application'`
			`ProviderName = 'Application Error'`
			`Id = 1000 # magic number`
			`}`

			`if ($null -ne $Until) {`
			`$splat.EndTime = $Until`
			`}`

			`$records = (Get-WinEvent -FilterHashtable $splat)`
			`if (-not (Test-StringIsNullOrWhitespace($ServiceName))) {`
			`$records = $records \| Where-Object { $_.Properties.Value -match $ServiceName -or $_.Message -match $ServiceName }`
			`}`

			`if ($Readable) {`
			`$records \| Format-Table -Property TimeCreated,Message -Wrap`
			`} else {`
			`return $records`
			`}`
			`}`