This is the built-in help made by Microsoft for the command 'Remove-EventLog', in PowerShell version 4 - as retrieved from
Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Deletes an event log or unregisters an event source.
Remove-EventLog [-LogName] <String[]> [[-ComputerName] <String[]>] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-EventLog [[-ComputerName] <String[]>] [-Source <String[]>] [-Confirm] [-WhatIf] [<CommonParameters>]
The Remove-EventLog cmdlet deletes an event log file from a local or remote computer and unregisters all of its event sources for the log. You can also use this cmdle
t to unregister event sources without deleting any event logs.
The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology i
n Windows Vista and later versions of Windows, use Get-WinEvent.
CAUTION: This cmdlet can delete operating system event logs, which might result in application failures and unexpected system behavior.
<
Online Version: http://go.microsoft.com/fwlink/p/?linkid=293895
Clear-EventLog
Get-EventLog
Limit-EventLog
New-EventLog
Remove-EventLog
Show-EventLog
Write-EventLog
<
-------------------------- EXAMPLE 1 --------------------------
PS C:\>remove-eventlog -logname MyLog
This command deletes the MyLog event log from the local computer and unregisters its event sources.
-------------------------- EXAMPLE 2 --------------------------
PS C:\>remove-eventlog -logname MyLog, TestLog -computername Server01, Server02, localhost
This command deletes the MyLog and TestLog event logs from the local computer ("localhost") and the Server01 and Server02 remote computers. The command also unregiste
rs the event sources for these logs.
-------------------------- EXAMPLE 3 --------------------------
PS C:\>remove-eventlog -source MyApp
This command deletes the MyApp event source from the logs on the local computer. When the command completes, the MyApp program cannot write to any event logs.
-------------------------- EXAMPLE 4 --------------------------
PS C:\>get-eventlog -list
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
15,168 0 OverwriteAsNeeded 22,923 Application
15,168 0 OverwriteAsNeeded 53 DFS Replication
15,168 7 OverwriteOlder 0 Hardware Events
512 7 OverwriteOlder 0 Internet Explorer
20,480 0 OverwriteAsNeeded 0 Key Management Service
30,016 0 OverwriteAsNeeded 50,060 Security
15,168 0 OverwriteAsNeeded 27,592 System
15,360 0 OverwriteAsNeeded 18,355 Windows PowerShell
15,168 7 OverwriteAsNeeded 12 ZapLog
PS C:\>remove-eventlog -logname ZapLog
PS C:\>get-eventlog -list
Max(K) Retain OverflowAction Entries Log
------ ------ -------------- ------- ---
15,168 0 OverwriteAsNeeded 22,923 Application
15,168 0 OverwriteAsNeeded 53 DFS Replication
15,168 7 OverwriteOlder 0 Hardware Events
512 7 OverwriteOlder 0 Internet Explorer
20,480 0 OverwriteAsNeeded 0 Key Management Service
30,016 0 OverwriteAsNeeded 50,060 Security
15,168 0 OverwriteAsNeeded 27,592 System
15,360 0 OverwriteAsNeeded 18,355 Windows PowerShell
These commands show how to list the event logs on a computer and verify that a Remove-EventLog command was successful.
The first command lists the event logs on the local computer.
The second command deletes the ZapLog event log.
The third command lists the event logs again. The ZapLog event log no longer appears in the list.
-------------------------- EXAMPLE 5 --------------------------
PS C:\>get-wmiobject win32_nteventlogfile -filter "logfilename='TestLog'" | foreach {$_.sources}
MyApp
TestApp
PS C:\>remove-eventlog -source MyApp
PS C:\>get-wmiobject win32_nteventlogfile -filter "logfilename='TestLog'"} | foreach {$_.sources}
TestApp
These commands use the Get-WmiObject cmdlet to list the event sources on the local computer. You can these commands to verify the success of a command or to delete an
event source.
The first command gets the event sources of the TestLog event log on the local computer. MyApp is one of the sources.
The second command uses the Source parameter of Remove-EventLog to delete the MyApp event source.
The third command is identical to the first. It shows that the MyApp event source was deleted.