1
00:00:01,040 --> 00:00:04,230
Alright, now that you've seen these commands kind of individually,

2
00:00:04,230 --> 00:00:06,290
let's put them together because this is what you

3
00:00:06,290 --> 00:00:10,440
typically will be doing in PowerShell.

4
00:00:10,440 --> 00:00:13,640
Let's go ahead, and again, let's do Get‑Process,

5
00:00:13,640 --> 00:00:17,370
and let's sort on that working set property in Descending

6
00:00:17,370 --> 00:00:20,030
order and then just tell PowerShell, hey,

7
00:00:20,030 --> 00:00:22,840
all I care about are the first 5.

8
00:00:22,840 --> 00:00:29,080
So on my computer, these are the top five processes based upon the working size,

9
00:00:29,080 --> 00:00:32,010
or the amount of memory that they are using,

10
00:00:32,010 --> 00:00:34,480
no scripting, really simple.

11
00:00:34,480 --> 00:00:34,860
Again,

12
00:00:34,860 --> 00:00:36,970
just kind of think about what PowerShell is doing or

13
00:00:36,970 --> 00:00:40,640
what you want PowerShell to do, get me all the processes,

14
00:00:40,640 --> 00:00:44,510
sort them, select them, nothing cryptic,

15
00:00:44,510 --> 00:00:46,000
really nothing difficult here,

16
00:00:46,000 --> 00:00:48,410
other than getting your head around this idea of

17
00:00:48,410 --> 00:00:52,040
objects moving through the pipeline.

18
00:00:52,040 --> 00:00:53,190
Let's do another one here.

19
00:00:53,190 --> 00:01:00,440
I'm going to get a listing of all the files in my temporary folder,

20
00:01:00,440 --> 00:01:03,840
and I'm going to measure how much space they're taking.

21
00:01:03,840 --> 00:01:05,880
So I'm going to measure the Length property,

22
00:01:05,880 --> 00:01:09,260
and I'm going to use the AllStats parameter,

23
00:01:09,260 --> 00:01:13,340
which was introduced in PowerShell 7 for Measure‑Object.

24
00:01:13,340 --> 00:01:17,540
So this is going to give me all the things that I can do,

25
00:01:17,540 --> 00:01:21,840
but I want to select all those properties except,

26
00:01:21,840 --> 00:01:23,810
and that's the ExcludeProperty,

27
00:01:23,810 --> 00:01:29,840
I don't want to see the Property output from the Measure‑Object result.

28
00:01:29,840 --> 00:01:30,460
So instead,

29
00:01:30,460 --> 00:01:36,230
what I get is all of the values that Measure‑Object can do, so I get the Count,

30
00:01:36,230 --> 00:01:39,020
the Average, the Sum, the Maximum, the Minimum,

31
00:01:39,020 --> 00:01:42,840
and the StandardDeviation if I really needed that sort of thing.

32
00:01:42,840 --> 00:01:46,450
PowerShell will do what I tell it to do as long as I have an idea

33
00:01:46,450 --> 00:01:51,240
in my head about what I need it to do.

34
00:01:51,240 --> 00:01:53,400
Let's revisit event logs.

35
00:01:53,400 --> 00:01:59,140
So let's do Get‑WinEvent, and again, I'm going to list all the logs,

36
00:01:59,140 --> 00:02:03,440
sort them on the FileSize because I know that that is a property,

37
00:02:03,440 --> 00:02:09,400
sort them in Descending order, and then select just the first 10,

38
00:02:09,400 --> 00:02:13,590
so this is going to give me the first 10 event logs,

39
00:02:13,590 --> 00:02:17,390
but then all I want to see in the result is the LogName,

40
00:02:17,390 --> 00:02:21,110
RecordCount, and FileSize, and there we go.

41
00:02:21,110 --> 00:02:22,570
Again, a very easy,

42
00:02:22,570 --> 00:02:26,530
simple report to see the event logs on my system and

43
00:02:26,530 --> 00:02:32,040
how much space they might be taking.

44
00:02:32,040 --> 00:02:36,010
We have been looking at the logs.

45
00:02:36,010 --> 00:02:39,740
Now I want to discover what's inside the logs.

46
00:02:39,740 --> 00:02:42,270
My previous example was just listing the log files.

47
00:02:42,270 --> 00:02:44,930
Now I want to know, hey, what entries are in there?

48
00:02:44,930 --> 00:02:49,970
What might be using or causing problems for me, say, in the system event log?

49
00:02:49,970 --> 00:02:51,500
So let's do a little discovery.

50
00:02:51,500 --> 00:03:00,440
I'm going to just grab one representative entry and select all the properties.

51
00:03:00,440 --> 00:03:02,510
I can then scroll and discover, okay,

52
00:03:02,510 --> 00:03:05,040
what property names do I want so I can see the

53
00:03:05,040 --> 00:03:10,730
corresponding values? Once I see that, I can run a command like this.

54
00:03:10,730 --> 00:03:16,010
Let's do Get‑WinEvent, and I'm just going to get the first 1000,

55
00:03:16,010 --> 00:03:16,500
or should say,

56
00:03:16,500 --> 00:03:23,550
the last 1000 entries from the system event log. Now, I'm going to

57
00:03:23,550 --> 00:03:28,190
group them on the ProviderName, and in this case,

58
00:03:28,190 --> 00:03:30,510
I don't really care about the entries themselves.

59
00:03:30,510 --> 00:03:32,890
I just want to know the ProviderName,

60
00:03:32,890 --> 00:03:36,120
which in this case is going to be the source, and how many items

61
00:03:36,120 --> 00:03:40,240
am I getting for each ProviderName or source?

62
00:03:40,240 --> 00:03:44,170
So I'm then going to sort on the Count property. Again, you have to think about

63
00:03:44,170 --> 00:03:46,460
what PowerShell is doing, what's happening in the pipeline.

64
00:03:46,460 --> 00:03:51,040
Get‑WinEvent is getting me event log records.

65
00:03:51,040 --> 00:03:52,340
I'm then grouping them.

66
00:03:52,340 --> 00:03:55,790
Group‑Object is now writing a group object to the pipeline

67
00:03:55,790 --> 00:03:58,030
that has its own, has different properties.

68
00:03:58,030 --> 00:04:01,140
I'm not going to sort on that Group object.

69
00:04:01,140 --> 00:04:04,040
That result then gets written to the pipeline,

70
00:04:04,040 --> 00:04:07,890
and I'm going to select just the first 10, and again, just to

71
00:04:07,890 --> 00:04:10,470
make it a little interesting, I'm going to pipe this to another

72
00:04:10,470 --> 00:04:12,980
command called Out‑ConsoleGridView.

73
00:04:12,980 --> 00:04:13,290
Now,

74
00:04:13,290 --> 00:04:18,430
this command you'll have to install in order to use it, and I have a note in the

75
00:04:18,430 --> 00:04:23,040
demo file on how to install the module to give this to you.

76
00:04:23,040 --> 00:04:24,510
This is kind of like Out‑GridView,

77
00:04:24,510 --> 00:04:28,120
except it does it in the console, kind of a nice way, so it's a

78
00:04:28,120 --> 00:04:30,280
different way of working with information.

79
00:04:30,280 --> 00:04:34,160
So there, I can see in the system event log, these are the

80
00:04:34,160 --> 00:04:40,890
entries that are causing the most logs to be recorded, so

81
00:04:40,890 --> 00:04:44,740
my GroupPolicy event. Now, a lot of those could be information.

82
00:04:44,740 --> 00:04:47,460
I haven't added any other filtering for errors or warnings.

83
00:04:47,460 --> 00:04:51,330
You can look at the help for Get‑WinEvent to see how to do that.

84
00:04:51,330 --> 00:04:53,000
I told PowerShell what to do,

85
00:04:53,000 --> 00:04:58,340
and it went ahead and did it, and Escape just gets you out of that.

86
00:04:58,340 --> 00:05:01,760
So working with multiple objects at once is really easy,

87
00:05:01,760 --> 00:05:03,810
and it's really what you should look for when working in

88
00:05:03,810 --> 00:05:06,590
PowerShell. Sometimes though that's not possible.

89
00:05:06,590 --> 00:05:12,000
So let's go back to the slides, and let me cover another way to work with objects in the pipeline.

