Reading Event Log: speeding up with If Exists equivalent?

  • In the Jack of all trades role, i've got a web application , that since it connects to SQL server, somehow also falls under my domain.

    without digging into the code, i know that at some point, an error occurs in the application, that causes it to lock up, and i can fix it by bouncing the application pool related to the web application.

    so i can actually see the event in the event log, so if i used powershell to search the event log, i could use a WMI call to bounce the app pool.

    all that works fine...

    but the issue is the test of reading the event log takes a loooong time; i'd like to speed it up, especially if it finds anything;

    it currently takes the same amount of time for a positive result and a negative result, which is 2.5-3 minutes.

    any suggestions to speed an inquiry like this up?

    $start = Get-Date -format "dd-MMM-yyyy HH:mm:ss"

    Write-Host $start

    if(Get-EventLog -ComputerName GDC-WEB-P01 -LogName Application -EntryType Error,Warning -After ((Get-Date).addminutes(-5)) -Message "*Exception message: Specified cast is not valid.*")

    {

    Write-Host "The event occured, bouncing the application pool."

    }

    else

    {

    Write-Host "All clear, no work performed."

    }

    $now = Get-Date -format "dd-MMM-yyyy HH:mm:ss"

    Write-Host $now

    $val =NEW-TIMESPAN –Start $start –End $now

    Write-Host $val #00:02:41 in my case

    Lowell


    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • The performance issue is probably down to it being a huge log. I believe that if you know the source as well that this would filter it quicker.

    Also, I would be concerned that the message criteria is not being used as the last filter by Get-EventLog (I do not know either way). To check this you could change the filter by message out of the Get-EventLog call e.g.

    if(Get-EventLog -ComputerName GDC-WEB-P01 -LogName Application -EntryType Error,Warning -After ((Get-Date).addminutes(-5)) -Source "I DO NOT KNOW" | Where {$_.Message -eq "*Exception message: Specified cast is not valid.*")}

    Or event just temporarily remove it to see how long it takes without it.

    Please note that I think that the comparison of message with the string is not using the wildcard in the above example code so would not work.

    DISCLAIMER: Personally, I would not recommend as a long term resolution the recycling the AppPool due to a code defect.

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply