Author: Adam Bertram
One of the most common metrics we can get is general “uptime.” Uptime might mean different things to different people but, today, we’ll think of it as the time in which a Windows server has been booted up. Granted, it’s not the most sophisticated metric for uptime, but it gives you an idea of how often a server is rebooted, shutdown or lost power for whatever reason.
Whenever a Windows computer is booted up it will always register an event 6005 in the System event log; when shutdown, it will always register an event ID 6006 in the System event log. Using PowerShell and some simple date comparisons we can build a script that will show us when a computer was booted up, when it was shut down, when it came back up and when it got shut down again. We can see this information as far back as the event log goes. By then comparing the startup and shutdown dates we can build a helpful report of the times a server was down and for how long.
First, we’ll need to query the System event log. I like to use Get-WinEvent because it’s typically faster than using Get-EventLog. To only query the System event log and the 6005 ID to find all startup times, we’ll need to use the -FilterHashTable parameter.