Export (0) Print
Expand All
Collapse the table of content
Expand the table of content
Expand Minimize

Clear-EventLog

Updated: August 9, 2015

Clear-EventLog

Clears all entries from specified event logs on the local or remote computers.

Syntax

Parameter Set: Default
Clear-EventLog [-LogName] <String[]> [[-ComputerName] <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]




Detailed Description

The Clear-EventLog cmdlet removes all of the entries from the specified event logs on the local computer or on remote computers. To use Clear-EventLog, you must be a member of the Administrators group on the affected computer.

The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use the Get-WinEvent cmdlet.

Parameters

-ComputerName<String[]>

Specifies a remote computer. The default is the local computer.

Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or localhost.

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of the Get-EventLog cmdlet even if your computer is not configured to run remote commands.


Aliases

Cn

Required?

false

Position?

2

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-LogName<String[]>

Specifies the event logs. Enter the log name (the value of the Log property; not the LogDisplayName) of one or more event logs, separated by commas.


Aliases

LN

Required?

true

Position?

1

Default Value

none

Accept Pipeline Input?

true (ByPropertyName)

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

    You cannot pipe objects to this cmdlet.


Outputs

The output type is the type of the objects that the cmdlet emits.

  • None

    This cmdlet does not generate any output.


Notes

  • To use Clear-EventLog on Windows Vista and later versions of Windows, start Windows PowerShell with the "Run as administrator" option.

Examples

Example 1: Clear specific event log types from the local computer

This command clears the entries from the Windows PowerShell event log on the local computer.


PS C:\> Clear-EventLog "Windows PowerShell"

Example 2: Clear specific multiple log types from the local and remote computers

This command clears all of the entries in the Microsoft Office Diagnostics (ODiag) and Microsoft Office Sessions (OSession) logs on the local computer and the Server02 remote computer.


PS C:\> Clear-EventLog -LogName "ODiag", "OSession" -ComputerName "localhost", "Server02"

Example 3: Clear all logs on the specified computers then display the event log list

This example clears all event logs on the specified computers and then displays the resulting event log list.

Notice that a few entries were added to the System and Security logs after the logs were cleared but before they were displayed.


PS C:\> function Clear-All-Event-Logs ($ComputerName="localhost")
{
   $Logs = Get-EventLog -ComputerName $ComputerName -List | ForEach {$_.Log}
   $Logs | ForEach {Clear-EventLog -Comp $ComputerName -Log $_ }
   Get-EventLog -ComputerName $ComputerName -List
}

PS C:\>Clear-All-Event-Logs -Comp "Server01"

Related topics

Community Additions

ADD
Show:
© 2016 Microsoft