PowerShell 7.3 - Trouble Filtering Event Logs by Event ID and Time Range
I'm trying to query the Windows Event Log using PowerShell 7.3 to filter events by a specific Event ID within a certain time range, but I keep getting an empty result set even though I know there are matching events... I thought that using `Get-WinEvent` would be straightforward, but it seems like my filters are not being applied correctly. Here's the code snippet I am using: ```powershell $startTime = (Get-Date).AddDays(-7) # One week ago $endTime = Get-Date # Now $eventId = 4624 # Logon events $events = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=$eventId; StartTime=$startTime; EndTime=$endTime} $events | Format-Table -Property TimeCreated, Id, Message ``` When I run this, I get no output at all. However, if I remove the `StartTime` and `EndTime` filters, I can see the logons for that Event ID. I suspect it might have something to do with the date format or the way I'm specifying the time range, but I'm not sure what to check next. I also tried formatting the dates like this: ```powershell $startTime = [datetime]::Parse('2023-10-01 00:00:00') $endTime = [datetime]::Parse('2023-10-08 23:59:59') ``` Still no luck. Can anyone guide to pinpoint what might be going wrong here? Are there any specific nuances related to filtering event logs that I might be missing? Any advice or insights would be greatly appreciated! I recently upgraded to Powershell 3.10. Any ideas what could be causing this?