designsoliman - Fotolia
Retrieve a Hyper-V event log with the Get-EventLog cmdlet
Use the Get-EventLog PowerShell cmdlet with the desired parameters to retrieve a Hyper-V event log. This command gets errors and warnings and exports them as a CSV file.
A virtualization administrator can retrieve a Hyper-V event log with just a few PowerShell commands and save the output to a CSV file so it's easy to read.
There are several events that are logged in the Windows event log on a Hyper-V host. For example, when you shut down a VM, the Hyper-V host logs an event of it. Similarly, when you restart a VM or create a checkpoint, the Hyper-V host records those activities and creates corresponding event entries in the Windows event log.
You might see Hyper-V host logging errors, warnings and other events you wouldn't otherwise have noticed if Hyper-V wasn't monitored by a tool capable of sending alerts. This method is also helpful if you find it difficult to navigate through events using the Event Viewer GUI, or when working in a Server Core environment, which doesn't have a GUI.
The Get-EventLog PowerShell cmdlet retrieves a specific event, all the errors and all the warnings from the Hyper-V host. Get-EventLog is designed not only for users with Hyper-V, but also for retrieving event information from the Windows event log.
The PowerShell command shown below retrieves the 20 most recent errors logged on the Hyper-V host and saves the Hyper-V event log to C:\Temp\AllErrors.CSV:
Get-EventLog System -EntryType Error -Newest 20 | Export-CSV C:\Temp\AllErrors.CSV -NoTypeInfo
If you want to get a Hyper-V event log with both errors and warnings and save the output to a CSV file, use the following command:
Get-EventLog System -EntryType Error, Warning -Newest 20 | Export-CSV C:\Temp\AllErrorsWarnings.CSV -NoTypeInfo
While the commands shown above retrieve all the errors and warnings from a Hyper-V host, the command below only retrieves the errors and warnings related to Hyper-V:
Get-EventLog System -EntryType Error, Warning -Source "*Hyper-V*" | Export-CSV C:\Temp\Hyper-VErrWarnEvents.CSV -NoTypeInfo
If you want to export all the Hyper-V-specific events to a Hyper-V event log, including informational events, omit the -EntryType parameter, as shown in the following command:
Get-EventLog System-Source "*Hyper-V*" | Export-CSV C:\Temp\Hyper-VRelatedEvents.CSV -NoTypeInfo
Note that the Hyper-V role uses both system and application logs to log events. While the PowerShell commands shown above target the system log, you can use the PowerShell commands shown below to fetch events related to Hyper-V from the application log.
To fetch all the events, including errors, warnings and informational events, execute the following PowerShell command:
Get-EventLog -LogName Application -Source "*vmic*" | Export-CSV C:\Temp\Hyper-VEventsAppLog.CSV -NoTypeInfo
To get a list of errors and warnings from the application log only, execute the following command:
Get-EventLog -LogName Application -EntryType Error, Warning-Source "*vmic*" | Export-CSV C:\Temp\Hyper-VEventsErrWarnAppLog.CSV -NoTypeInfo
Dig Deeper on IT systems management and monitoring
-
![]()
How to set up automated log collection with PowerShell
By: Liam Cleary
-
![]()
How to scan and repair disks with Windows 10 Check Disk
By: Gary Olsen
-
![]()
Automated change management eases IT compliance, security demands
By: Stephen Bigelow
-
![]()
Walk through 5 common PowerShell uses for IT ops teams
By: Alyssa Fallon
