Home ยป PowerShell Where-Object with Examples

PowerShell Where-Object with Examples

by

The Where-Object cmdlet is a built-in PowerShell command that selects objects based on specified criteria. It allows you to include or exclude objects from a pipeline based on the values of their properties.

The following examples show how to use the Where-Object cmdlet in PowerShell.

Filtering by Value

The following PowerShell script shows how to use the Where-Object to filter the processes by service status ( Stopped or Running).

Get-Service | Where-Object { $_.Status -eq "Stopped" }

# OR you can use the below script to get stopped services

Get-Service | Where-Object Status -eq "Stopped"

Output:

Powershell Where-Object Filter by Value
Powershell Where-Object Filter by Value

In this PowerShell script, the Get-Service gets all the processes on the system and pipes them to the Where-Object cmdlet.

The Where-Object command uses the filter condition to get all stopped services.

Where-Object with Multiple Conditions

You can filter the results on multiple conditions using logical operators like -and, -or and -not.

Get-Service | Where-Object { ($_.Status -eq "Stopped") -and ($_.StartType -eq "Automatic")}

Output:

Powershell Where-Object Filter by Multiple Values
Powershell Where-Object Filter by Multiple Values

In this PowerShell script, the Get-Service cmdlet gets all the services and pipes them to the Where-Object cmdlet.

The Where-Object command uses multiple conditions using the logical operator -and to filter the results.

Finally, after running the script, it returns the list of all stopped services, and the start type is set to automatic.

Where-Object with -Like

You can filter the results by using the -like operator for pattern matching with the Where-Object.

 Get-Service | Where-Object {$_.Name -like "M*"}

Output:

Powershell Where-Object Filter by Pattern Matching
Powershell Where-Object Filter by Pattern Matching

In this PowerShell example, the Get-Service gets all the processes and pipes them to the Where-Object cmdlet.

The Where-Object command uses the -like operator to filter the service name to get only those starting with the letter “M“.

The -like operator is used for pattern matching with wildcards (*).

Using Where-Object to Filter Dates Greater Than

You can use the Where-Object cmdlet in PowerShell to filter event log entries based on a date greater than a specified date.

Use Where-Object to filter dates greater than a specific date
$filteredEvents = Get-WinEvent -LogName "System" | Where-Object {$_.TimeCreated -gt "5/22/2024"}

# Output the filtered files
$filteredEvents

Output:

Powershell where-object date greater than
Powershell where-object date greater than

In this example, the Get-WinEvent cmdlet retrieves event log entries from the specified -LogName, which in this case is the System log.

We then use the Where-Object cmdlet to filter event log entries comparing each entry’s TimeCreated property to the specified date. The -gt operator checks if the TimeCreated property is greater than the provided date.

Conclusion

I hope the above article on filtering the objects in PowerShell using the Where-Object cmdlet is helpful to you.

The Where-Object cmdlet allows you to specify the conditions and filter objects based on their properties, conditions, pattern matching, and nested property access.

You can find more topics about Active Directory tools and PowerShell basics on the ActiveDirectoryTools home page.