wevtutil查詢在單行上寫輸出

Question

我試圖使用wevtutil命令將Windows服務器事件日誌導入/讀取到文本文件。我用下面的命令來寫我的日誌FILE.TXT：

$ wevtutil qe Application \rd:true \f:text（讀取應用程序日誌） 和我的命令的樣本輸出，是：

Event[1]: 
    Log Name: Application 
    Source: Microsoft-Windows-Security-SPP 
    Date: 2016-03-29T13:02:27.000 
    Event ID: 8196 
    Task: N/A 
    Level: Information 
    Opcode: N/A 
    Keyword: Classic 
    User: N/A 
    User Name: N/A 
    Computer: WIN-IONOGQTF9O5 
    Description: License Activation Scheduler (sppuinotify.dll) 

Event[2]: 
    Log Name: Application 
    Source: Microsoft-Windows 
    Date: 2016-06-29T13:02:57.000 
    Event ID: 3444 
    Task: N/A 
    Level: Critical 
    Opcode: N/A 
    Keyword: Classic 
    User: N/A 
    User Name: N/A 
    Computer: WIN-IONOGDFFF9O5 
    Description: AIRO.Activation code(sppuinotify.dll) 

（實際上是兩個樣本日誌）。 但是，我想寫我的日誌作爲單行到.txt文件，而不是上述多行輸出爲單個日誌。有沒有wevtutil command實用程序日誌寫一行，象下面這樣：

Event[1]:Log Name: Application Source: Microsoft-Windows-Security-SPP Date: 2016-03-29T13:02:27.000 Event ID: 8196 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: WIN-IONOGQTF9O5 Description: License Activation Scheduler (sppuinotify.dll) 
Event[2]:Log Name: Application Source: Microsoft-Windows Date: 2016-03-29T13:02:27.000 Event ID: 8196 Task: N/A Level: Information Opcode: N/A Keyword: Classic User: N/A User Name: N/A Computer: WIN-IONOGQTF9O5 Description: License Activation Scheduler (sppuinotify.dll) 

謝謝！

Answer 1

$logname = "Application"  
$events = Get-EventLog -LogName $logname 

$arr = @() 
$counter = 1 

foreach($event in $events){ 
$arr += "Event[$counter]:Log Name: $logname Source: $($event.Source) Date: $($event.TimeWritten) Event ID: $($event.EventID) Task: $($event.Category) Level: $($event.EntryType) ..." 
$counter++ 
} 

$arr | out-file events.txt 

如果你需要有操作碼，關鍵字等使用的Get-Winevent代替Get-Eventlog