Comments on: PowerShell 2.0: One Cmdlet at a Time #69 Get-WinEvent http://www.jonathanmedd.net/2010/03/powershell-2-0-one-cmdlet-at-a-time-69-get-winevent.html Scripting. Powershell, VMware, Windows, Active Directory & Exchange. All that kind of stuff..... Wed, 01 Feb 2012 15:43:06 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: you http://www.jonathanmedd.net/2010/03/powershell-2-0-one-cmdlet-at-a-time-69-get-winevent.html/comment-page-1#comment-10395 you Mon, 13 Sep 2010 10:03:12 +0000 http://www.jonathanmedd.net/?p=929#comment-10395 I used next command to extract security event log from a evtx file(On a win2008 R2). PS>get-winevent -path c:910.evtx >> c:\tst.csv It need about 7 minutes. c:910.evtx is about 15MB and contains only security event log. Because wevtutil needs only several seconds to convert the same c:910.evtx to a evt file, I wonder why get-winevent was so slowly. Thanks. I used next command to extract security event log from a evtx file(On a win2008 R2).

PS>get-winevent -path c:910.evtx >> c:\tst.csv

It need about 7 minutes. c:910.evtx is about 15MB and contains only security event log.

Because wevtutil needs only several seconds to convert the same c:910.evtx to a evt file,

I wonder why get-winevent was so slowly.

Thanks.

]]>