無法使用Powershell中的運行空間搜索事件日誌

Question

我正在搜索特定事件的計算機事件日誌列表。這個清單是7000多個系統。我很想有這個利用運行空間。我有以下代碼，但它不起作用。它看起來像返回爲空，當然會導致CSV導出失敗。

有什麼建議嗎？

謝謝！

# Max Runspaces 
$Throttle = 5 #threads 

# What is the total number of events to pull? 
$eventMax = 10 

# Which event log do we want to pull from? 
$eventLog = "System" 

$eventEntryID = "7023" 

$eventMessage = "The Windows Modules Installer service terminated with the following error: 
The configuration registry database is corrupt." 

# What is our source file, the one with ll the file names. 
$computers = Get-Content "c:\temp\Louis\hostsins.txt" 

# What is our CSV file 
$outFile = "c:\temp\Louis\SearchEventLogResultsINS.csv" 

$ScriptBlock = { 
    Param (
     [string]$sComputer 
    ) 

    $RunResult = Get-WinEvent -Oldest -ComputerName $sComputer -FilterHashtable @{LogName = $eventLog; ID = $eventEntryID;} | 
       where{$_.Message -eq $eventMessage} | 
       Select machinename, TimeCreated, ID, LevelDisplayname, Message 
    write-host $RunResult 

    Return $RunResult 
} 

$RunspacePool = [RunspaceFactory]::CreateRunspacePool(1, $Throttle) 
$RunspacePool.Open() 
$Jobs = @() 

$computers | % { 

    write-host $_ 

    $Job = [powershell]::Create().AddScript($ScriptBlock).AddArgument($_) 
    $Job.RunspacePool = $RunspacePool 
    $Jobs += New-Object PSObject -Property @{ 
     RunNum = $_ 
     Pipe = $Job 
     Result = $Job.BeginInvoke() 
    } 
} 

Write-Host "Running.." -NoNewline 
Do { 
    Write-Host "." -NoNewline 
    Start-Sleep -Seconds 1 
} While ($Jobs.Result.IsCompleted -contains $false) 
Write-Host "All jobs completed!" 

$Results = @() 
ForEach ($Job in $Jobs){ 
    $Results += $Job.Pipe.EndInvoke($Job.Result) 
} 

$Results | Export-Csv $outFile 

Answer 1

它看起來像你在運行空間外聲明變量並試圖在運行空間中使用它們。

我看到你通過.addargument（$ _）在每臺計算機。沒有別的。運行空間非常適合速度，但由於這樣的問題會稍微方便一些。

欲瞭解更多信息，請查看Dave Wyatt's post，其中包括其他參考文獻。請務必翻閱initialsessionstate，runspacefactory，runspacepool和powershell上的MSDN文檔，並在提示符下探索並試驗各種屬性和方法。

我試圖返工你的代碼，沒有測試過，但是這應該說明了你一個解決辦法：

# Max Runspaces 
$Throttle = 5 #threads 

#Throw the stuff you want to pass in into a hashtable or whatever vehicle meets your needs 
$params = @{ 
    eventMax = 10 
    eventLog = "System" 
    eventEntryID = "7023" 
    eventmessage = "The Windows Modules Installer service terminated with the following error: 
The configuration registry database is corrupt." 
    computer = $_ 
} 

# What is our source file, the one with ll the file names. 
$computers = Get-Content "c:\temp\Louis\hostsins.txt" 

# What is our CSV file 
$outFile = "c:\temp\Louis\SearchEventLogResultsINS.csv" 

$ScriptBlock = { 
    Param (
     [System.Collections.Hashtable]$hash 
    ) 


    $RunResult = Get-WinEvent -Oldest -ComputerName $hash.computer -FilterHashtable @{LogName = $hash.eventLog; ID = $hash.eventEntryID;} | 
       where{$_.Message -eq $hash.eventMessage} | 
       Select machinename, TimeCreated, ID, LevelDisplayname, Message 
    write-host $RunResult 

    Return $RunResult 
} 

$RunspacePool = [RunspaceFactory]::CreateRunspacePool(1, $Throttle) 
$RunspacePool.Open() 
$Jobs = @() 

$computers | % { 

    $params = @{ 
     eventLog = "System" 
     eventEntryID = "7023" 
     eventmessage = "The Windows Modules Installer service terminated with the following error: 
    The configuration registry database is corrupt." 
     computer = $_ 
    } 

    write-host $_ 


    $Job = [powershell]::Create().AddScript($ScriptBlock).AddArgument($params) 
    $Job.RunspacePool = $RunspacePool 
    $Jobs += New-Object PSObject -Property @{ 
     RunNum = $_ 
     Pipe = $Job 
     Result = $Job.BeginInvoke() 
    } 
} 

Write-Host "Running.." -NoNewline 
Do { 
    Write-Host "." -NoNewline 
    Start-Sleep -Seconds 1 
} While ($Jobs.Result.IsCompleted -contains $false) 
Write-Host "All jobs completed!" 

$Results = @() 
ForEach ($Job in $Jobs){ 
    $Results += $Job.Pipe.EndInvoke($Job.Result) 
} 

$Results | Export-Csv $outFile 

乾杯！