site1.erralert.com

← System & uptime

Event log error count (last hour) powershell

Download event-log-errors.ps1

Counts Error-level events in the System and Application logs over the past hour. A sharp jump usually means something is broken.

Placeholders only. Before running, replace YOUR_URL with your capture endpoint's POST URL . (Open this page from your capture object to have these auto-filled.) 
# event-log-errors.ps1 — recent error count in System + Application logs.

$Url   = "YOUR_URL/event-errors"
$Since = (Get-Date).AddHours(-1)

$Filter = @{ LogName='System','Application'; Level=2; StartTime=$Since }
$Events = Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue

$Body = (@{
  hostname           = $env:COMPUTERNAME
  window_minutes     = 60
  total_errors       = ($Events | Measure-Object).Count
  errors_by_provider = ($Events | Group-Object ProviderName |
                        ForEach-Object { @{ ($_.Name) = $_.Count } } |
                        ForEach-Object { $h = @{} } { foreach ($k in $_.Keys) { $h[$k] = $_[$k] } } { $h })
}) | ConvertTo-Json -Compress -Depth 4

Invoke-RestMethod -Uri $Url -Method Post -Body $Body `
  -ContentType "application/json" -TimeoutSec 15 | Out-Null

Recommended pairing

Add a capture.value check to this capture object.
json_path = total_errors, op = >, threshold = 10 (tune for your baseline).

What is the filename?

event-log-errors.ps1 — this is the suggested name for the downloaded file. Rename freely if you prefer.