为什么有时 powershell cmdlet“select-string”不返回任何值？

Question

此命令有效，logfolder 包含多个日志文件，select-string 将搜索每个文件并查找 -pattern 'update'

get-childitem -recurse C:\logfolder -file | select-string -pattern "update"

但是这行不行，它不会返回任何结果

get-eventlog -logname system -entrytype error | select-string -pattern "terminated"

我 100% 肯定存在字符串“终止”的事件，也许我在这里遗漏了一些概念。

Answer 1

select-string 将输入对象转换为字符串。不幸的是，使用 get-eventlog 这不是很有帮助。顺便说一句，get-eventlog 已经被 get-winevent 取代了。

get-eventlog -logname system -entrytype error | select -first 1

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
   63255 Aug 31 07:44  Error       Microsoft-Windows...         1129 The processing of Group Policy failed because o...


get-eventlog -logname system -entrytype error | select -first 1 | % { "$_" }

System.Diagnostics.EventLogEntry


get-eventlog -logname system -entrytype error | select -first 1 | select-string log

System.Diagnostics.EventLogEntry


get-eventlog -logname system -entrytype error | select -first 1 | 
  where message -match processing

   Index Time          EntryType   Source                 InstanceID Message
   ----- ----          ---------   ------                 ---------- -------
   63255 Aug 31 07:44  Error       Microsoft-Windows...         1129 The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient cond...


get-winevent @{logname='system';level=2} -maxevents 1 |
  ? message -match processing | ft -GroupBy logname

   ProviderName: System

TimeCreated                      Id LevelDisplayName Message
-----------                      -- ---------------- -------
8/31/2021 7:44:27 AM           1129 Error            The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success...