SCOM 2007 R2 and Get-Event

For whatever reason I’ve not been able to find what I’ve been looking for regarding this cmdlet. Namely a decent example of it’s use with regards to the –Criteria parameter. For better or worse I have several event collectors setup and it would be nice to ask SCOM for a list of specific events. Normally you would think that would be simple, and perhaps for some it is, but for me I was having some issues, that is until yesterday.

I poked around in my history but I couldn’t find the page I was looking at that enlightened me, so I’ll just add my own here in case anyone else is having the same problem.

So I’m looking at a screen that has the following columns:

  • Level
  • Date and Time
  • Source
  • Name
  • Event Number

Now the examples I have seen show that you pass field=value into the –Critera parameter, but the problem for me is that Event Number or EventNumber aren’t things. In the Event Viewer it’s called ID but in SCOM ID is the ID of the specific entry you’re looking at, much like a primary key in a database.

It turns out that the Event Number field, in SCOM is simply Number. I literally felt like Homer Simpson, D’OH!

Get-Event -Criteria ‘Number=4729’

That actually yields useful information, well assuming you’re logging Event ID 4729. At any rate, I needed to write this down somewhere as it’s a regular thing for me, that up until now has been very difficult.