A virtualization administrator can retrieve a Hyper-V event log with just a few PowerShell commands and save the...
output to a CSV file so it's easy to read.
There are several events that are logged in the Windows event log on a Hyper-V host. For example, when you shut down a VM, the Hyper-V host logs an event of it. Similarly, when you restart a VM or create a checkpoint, the Hyper-V host records those activities and creates corresponding event entries in the Windows event log.
You might see Hyper-V host logging errors, warnings and other events you wouldn't otherwise have noticed if Hyper-V wasn't monitored by a tool capable of sending alerts. This method is also helpful if you find it difficult to navigate through events using the Event Viewer GUI, or when working in a Server Core environment, which doesn't have a GUI.
The Get-EventLog PowerShell cmdlet retrieves a specific event, all the errors and all the warnings from the Hyper-V host. Get-EventLog is designed not only for users with Hyper-V, but also for retrieving event information from the Windows event log.
The PowerShell command shown below retrieves the 20 most recent errors logged on the Hyper-V host and saves the Hyper-V event log to C:\Temp\AllErrors.CSV:
Get-EventLog System -EntryType Error -Newest 20 | Export-CSV C:\Temp\AllErrors.CSV -NoTypeInfo
If you want to get a Hyper-V event log with both errors and warnings and save the output to a CSV file, use the following command:
Get-EventLog System -EntryType Error, Warning -Newest 20 | Export-CSV C:\Temp\AllErrorsWarnings.CSV -NoTypeInfo
While the commands shown above retrieve all the errors and warnings from a Hyper-V host, the command below only retrieves the errors and warnings related to Hyper-V:
Get-EventLog System -EntryType Error, Warning -Source "*Hyper-V*" | Export-CSV C:\Temp\Hyper-VErrWarnEvents.CSV -NoTypeInfo
If you want to export all the Hyper-V-specific events to a Hyper-V event log, including informational events, omit the -EntryType parameter, as shown in the following command:
Get-EventLog System-Source "*Hyper-V*" | Export-CSV C:\Temp\Hyper-VRelatedEvents.CSV -NoTypeInfo
Note that the Hyper-V role uses both system and application logs to log events. While the PowerShell commands shown above target the system log, you can use the PowerShell commands shown below to fetch events related to Hyper-V from the application log.
To fetch all the events, including errors, warnings and informational events, execute the following PowerShell command:
Get-EventLog -LogName Application -Source "*vmic*" | Export-CSV C:\Temp\Hyper-VEventsAppLog.CSV -NoTypeInfo
To get a list of errors and warnings from the application log only, execute the following command:
Get-EventLog -LogName Application -EntryType Error, Warning-Source "*vmic*" | Export-CSV C:\Temp\Hyper-VEventsErrWarnAppLog.CSV -NoTypeInfo
Dig Deeper on Microsoft Hyper-V management
Related Q&A from Nirmal Sharma
To see virtual processors configured for VMs on the local host, execute a simple PowerShell command. For vCPUs configured for VMs on remote servers, ... Continue Reading
If you don't have Guarded Fabric or Shielded VMs, which have the Trusted Platform Module feature built-in, you need to manually enable virtual TPM ... Continue Reading
Hyper-V replication failover only requires two steps. But before you initiate failover, perform some tests to ensure the recovery point has ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.