Get-WinEvent search for all errors

Question

running Get-WinEvent it's possible to use wildcards:

Get-WinEvent -filterhashtable 
@{logname="*";providername="*cluster*";starttime="04.01.2022";endtime="05.31.2022";level=2} - 
ErrorAction SilentlyContinue

but using only wildcards for both logname and providername (surprisingly) doesn't return any records:

Get-WinEvent -filterhashtable 
@{logname="*";providername="*";starttime="04.01.2022";endtime="05.31.2022";level=2} - 
ErrorAction SilentlyContinue

so: how to search for all errors in every log from every provider in a given timespan?

Answer 1

How I would do it with a foreach-object loop. All lognames should cover all providers. In powershell 7, you can do foreach-object -parallel, and it took me under 2 seconds. Trying an enum for level; I'm surprised it still needs casting to int. This may really be a question about invoke-command.

$list = 1..10 | % tostring comp000
invoke-command $list {  # runs in parallel
  get-winevent -listlog * -ea 0 | 
  % { Get-WinEvent @{logname=$_.logname; 
  starttime='4/1'; endtime='5/31'; 
  level=[int][Diagnostics.Tracing.EventLevel]::Error} -ea 0 } 
}