Get event logs from remote computer
$events = get-eventlog application -computername comp10
Select only from last 24 hours
$events|where {$_.timegenerated -gt $(get-date).adddays(-1)}
Find events with a certain phrase or word in the description
$events | where {$_.message -match "acrobat"}
Find events of a certain type: Information, warning or error AND descriptions contains a word or phrase:
$events | where {$_.eventtype -match "error" -and $_.message -match "acrobat"}
Find the times when the server was started:
get-eventlog system |where {$_.eventid -eq "6005"}
