joswr1ght
commented
4 years ago Is your PowerShell session opened as an Administrator? Are there any logs in that evtx file? Thanks!
Closed RandyRandleman closed 4 years ago
joswr1ght
commented
4 years ago Is your PowerShell session opened as an Administrator? Are there any logs in that evtx file? Thanks!
RandyRandleman
commented
4 years ago Disregard, Josh. I see now which Events are being pulled!
joswr1ght
commented
4 years ago Awesome! Glad it’s working for you. Thanks for reaching out. 👊
Getting the following error on Application.evtx with known logs within it.
Get-WinEvent @{path="C\Windows\System32\winevt\logs\Application.evtx";ID=2} -ErrorAction Stop Get-WinEvent error: No events were found that match the specified selection criteria.