Using Get-WinEvent to Query All Logs

You can use Get-WinEvent to get events from all logs. For example, to get all the errors in all the logs for the past 24 hours, specify a wildcard (*) for LogName.

Get-WinEvent -FilterHashtable @{LogName='*';Level=2;StartTime=(Get-Date).AddDays(-1)}

Encountering the Invalid Data error with Get-WinEvent; a 256 log limit


Introduction

The Get-WinEvent reference on TechNet doesn't go into detail on how to use the FilterXPath parameter to filter for events; instead, it directs you to the XPath Reference and Event Selection pages on MSDN. This post attempts to summarize the parts of those documents that are specific to building complex XPath queries for events.

In this post, I am going to explain how the following XPath filter works to get all of the logon events for the past 24 hours for a specific user.
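One way to build such a query with FilterXPath, as an added example that is not the filter from the original post. It assumes successful logons are recorded as event ID 4624 in the Security log with the account in the TargetUserName field; the function name Get-UserLogonEvent and the account name jdoe are hypothetical.

```powershell
# Added example (not from the original post). Reading the Security log requires an elevated session.
function Get-UserLogonEvent {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [int]$Hours = 24,
        [int]$MaxEvents = 200
    )

    # XPath 1.0 string literals have no escape sequence, so reject quotes
    # instead of splicing them into the query.
    if ($UserName -match "['""]") {
        throw "UserName must not contain quote characters."
    }

    # timediff(@SystemTime) returns the event's age in milliseconds.
    [long]$windowMs = [long]$Hours * 3600000

    # System and EventData are both children of Event, so one predicate can test both.
    $xpath = "*[System[(EventID=4624) and TimeCreated[timediff(@SystemTime) <= $windowMs]]" +
             " and EventData[Data[@Name='TargetUserName']='$UserName']]"

    try {
        $events = Get-WinEvent -LogName Security -FilterXPath $xpath -MaxEvents $MaxEvents -ErrorAction Stop
    }
    catch {
        # "No events were found" is reported as an error; treat it as an empty result.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    foreach ($e in $events) {
        # Flatten the named <Data> elements of EventData into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            User        = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType   = $data['LogonType']
            SourceIp    = $data['IpAddress']
            Workstation = $data['WorkstationName']
        }
    }
}

# Hypothetical account name:
Get-UserLogonEvent -UserName 'jdoe' | Format-Table -AutoSize
```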
