Searching vCenter Tasks and Events via PowerShell and GridView

Guest Post #

As searching and filtering for events in vCenter Server trough vSphere Client somewhat limited (OK, it really sucks, to be honest), it’s usually much faster using PowerCLI, to retrieve, filter & searching events.

The basics. Connecting to vCenter Server via PowerCLI, and get some events #

Connecting to vCenter

Connect-VIServer vc-02.esod.local

Getting the last 1337 events from vCenter

Get-VIEvent -MaxSamples 1337

Getting the last 1337 events from a ESXi host

Get-VMHost esx-11.esod.local | Get-VIEvent -MaxSamples 1337

Getting the last 1337 events from a VM

Get-VM dc-02.esod.local | Get-VIEvent -MaxSamples 1337

Knowing there is more… #

Since this is basically PowerShell output, you may filter in any way you like, as you might already know, through regular PowerShell. Check all the objects I may retrieve, just for this event first event.

PS /Users/esod> Get-VMHost esx-11.esod.local | Get-VIEvent -MaxSamples 1

EventTypeId          : com.vmware.vc.TaHostAttestUnsetEvent
Severity             : info
Message              : 
Arguments            : 
ObjectId             : host-4373
ObjectType           : HostSystem
ObjectName           : esx-11.esod.local
Fault                : 
Key                  : 592127
ChainId              : 592127
CreatedTime          : 05/19/2021 08:23:42
UserName             : 
Datacenter           : VMware.Vim.DatacenterEventArgument
ComputeResource      : VMware.Vim.ComputeResourceEventArgument
Host                 : VMware.Vim.HostEventArgument
Vm                   : 
Ds                   : 
Net                  : 
Dvs                  : 
FullFormattedMessage : Trusted Host attestation status unset.
ChangeTag            : 

Adding a filter, to get events, performed by a specific domain (or user)

PS /Users/esod> Get-VIEvent | Where-Object UserName -ilike "esod\*" | Select-Object CreatedTime,ipaddress,username,fullformattedmessage -Last 3 

CreatedTime         IpAddress  UserName           FullFormattedMessage
-----------         ---------  --------           --------------------
05/19/2021 08:15:15 10.0.1.115 ESOD\svc-vmw-log   User ESOD\svc-vmw-log@10.0.1.115 logged in as JAX-WS RI 2.2.9-b130926.1035 svn-revision#5f6196f2b90e9460065a4c2f4e30e065b245e51e
05/19/2021 08:14:00 10.0.1.114 ESOD\svc-vmw-vrops User ESOD\svc-vmw-vrops@10.0.1.114 logged out (login time: Wednesday, 19 May, 2021 06:13:59 AM, number of API invocations: 6, user agent: VMware vim-java 1.0)
05/19/2021 08:13:59 10.0.1.114 ESOD\svc-vmw-vrops User ESOD\svc-vmw-vrops@10.0.1.114 logged in as VMware vim-java 1.0

Bonus: If you’re on MacOS and need GridView #

Another, maybe cooler way to filter (well, I usually do this), is to just pipe the output to GridView (runs in RAM, hence really, really fast to search), and just apply some filters there. Applying, or re-applying search filter(s), is just as easy as typing something new, on the keyboard.

Notes:

• Steps below is performed from pwsh on my MacOS (does not have Out-GridView by default), hence this might look
• If you’re using Windows, you’ll native have the “Out-Gridview” by default - great! Use that!

If you’re on MacOS (like I am), I previously used to install the module “Microsoft.PowerShell.GraphicalTools”

Install-Module Microsoft.PowerShell.GraphicalTools

Now this used to work just fine, but I’m currently having trouble getting this to play nice in MacOS Catalina (keeps crashing, etc.). I recently dicovered another cool tool (if using pwsh from MacOS), called Out-ConsoleGridView, released back in 2020.

Install-Module Microsoft.PowerShell.ConsoleGuiTools

I can now pipe a lot of output to the new “Out-ConsoleGridView”. Let’s retry the Get-VIEvent, but increase the output to last 999 events

Get-VIEvent | Where-Object UserName -ilike "esod\*" | Select-Object CreatedTime,ipaddress,username,fullformattedmessage -Last 999 | Out-ConsoleGridView

As you can see from the output below, I now have the possibility to filter on “anything”, hence I can throw more output into the GridView, and filter there (in RAM, which is much faster then polling output, again and again).

I may now filter on e.g. the IP, ending in 1.99, by just typing 1.99in the Filter box.

Related articles, discussing topics in more detail #

https://devblogs.microsoft.com/powershell/introducing-consoleguitools-preview/ https://www.vembu.com/blog/vsphere-tasks-and-events-tips-to-track/ https://devblogs.microsoft.com/powershell/out-gridview-returns/

This is a post in the Guest Post series. Posts in this series:

• My Experience: VCP-DCV for vSphere 7.x 2V0-21.20 Exam — 4 Jan, 2023
• Leveling Up: My First VMUG Presentation — 22 Dec, 2022
• My First VMware Explore — 2 Dec, 2022
• Expired VMware vCenter certificates — 8 Aug, 2022
• Hot Add NVMe Device Caused PSOD on ESXi — 8 Sep, 2021
• Upgrading to ESXi 7.0 build 18426014 U2c. ESXi stuck in Not responding from vCenter — 24 Aug, 2021
• ESXi 7.0 SD Card/USB Drive Issue Temporary Workaround — 1 Jun, 2021
• Searching vCenter Tasks and Events via PowerShell and GridView — 19 May, 2021
• ESXi 7.0 U2a Potentially Killing USB and SD drives! — 18 May, 2021
• ESXi: Error Occurred While Saving Snapshot Msg.changetracker — 18 May, 2021
• The Curious Case of the Intel Microcode Part #2 - It Gets Better — Then Worse — 14 Jan, 2018
• The Curious Case of the Intel Microcode — 9 Jan, 2018
• Relax and virtualize it! — 15 Oct, 2015
• HP Proliant DL380p Gen8 "Decompressed MD5" error — 13 Aug, 2015

Related Posts

• ESXi: Error Occurred While Saving Snapshot Msg.changetracker — 18 May, 2021
• Exporting vCenter Events with PowerCLI — 30 Nov, 2012
• Developer meets PowerCLI - awesomeness ensues — 15 Oct, 2010
• Upgrading to ESXi 7.0 build 18426014 U2c. ESXi stuck in Not responding from vCenter — 24 Aug, 2021
• ESXi 7.0 SD Card/USB Drive Issue Temporary Workaround — 1 Jun, 2021