[PS] Get AOS Errors of past two days

Sometimes it is necessary to have a look into the Windows Event Log and check for errors of the Dynamics AX AOS Service.

This can be very time consuming especially when the log has a huge amount of entries.
Even opening and filtering takes quite some time then.

To speed things up, I use PowerShell to query the Eventlog and get the relevant entries.
This only takes a couple of seconds compared to almost a few minutes when checking manually.

So here is my script to query the event log for errors of the AOS Service of the past 2 days:

$AOSSourceName = "Dynamics Server 01"
$EventStartDate = (((Get-Date).addDays(-2)).date)
$EventEndTime = (Get-Date)
$EventCriteria = @{logname='application'; providername=$AOSSourceName; level=2; StartTime=$EventStartDate; EndTime=$EventEndTime}

Get-WinEvent -FilterHashtable $EventCriteria

This will lead to an output similar to this:

ProviderName: Dynamics Server 01

TimeCreated                     Id LevelDisplayName Message
-----------                     -- ---------------- -------
07.09.2016 06:54:10            180 Fehler           Object Server 01:  RPC error: Failed to unregister service principal name (SPN): 'XXXX'
06.09.2016 10:11:39            180 Fehler           Object Server 01:  RPC error: Failed to register service principal name (SPN): 'XXXX'
06.09.2016 10:07:59            180 Fehler           Object Server 01:  RPC error: Failed to unregister service principal name (SPN): 'XXXX'
06.09.2016 08:50:59            180 Fehler           Object Server 01:  RPC error: Failed to register service principal name (SPN): 'XXXX'
06.09.2016 08:30:20            180 Fehler           Object Server 01:  RPC error: Failed to unregister service principal name (SPN): 'XXXX'
05.09.2016 08:10:37            180 Fehler           Object Server 01:  RPC error: Failed to register service principal name (SPN): 'XXXX'
05.09.2016 08:02:26            180 Fehler           Object Server 01:  RPC error: Failed to unregister service principal name (SPN): 'XXXX'

Explaining the script

Source
$AOSSourceName = "Dynamics Server 01"

This is the name of the source from the AOS service. Can be found in the EventLog under source:
eventlog source name

Date range
$EventStartDate = (((Get-Date).addDays(-2)).date)
$EventEndTime = (Get-Date)

This defines the start and end dates to query for. In this example, it will query for the last two days including the current day.

Event Criteria
$EventCriteria = @{logname='application'; providername=$AOSSourceName; level=2; StartTime=$EventStartDate; EndTime=$EventEndTime}

This puts all criteria together to use it with the -FilterHashTable parameter later.

Run the query
Get-WinEvent -FilterHashtable $EventCriteria

This actually runs the query against the eventlog with the defined criteria.

Additional information

Levels
The levels are defined as integers:

  • Verbose = 5
  • Informational = 4
  • Warning = 3
  • Error = 2
  • Critial = 1
  • LogAlways = 0

References:
A good TechNet example for FilterHashTable

TechNet Documentation