# Listing 1: RetrieveAppEvents.ps1

# BEGIN CALLOUT A
# Calculate the datetime for one day earlier than the current datetime.
$date = (get-date).addDays(-1)
# END CALLOUT A

# BEGIN CALLOUT B
# Create a function to format the entry types.
function FormatEntryType ($file)
{
  # Retrieve the content from the AppEvents.txt file.
  # Replace the error and warning entry types.
  # Output the changes to AppEvents_EntryTypes.txt.
  get-content $file | 
  foreach-object { $_ -replace "error", "*** ERROR ***" } | 
  foreach-object { $_ -replace "warning", "* Warning *" } | 
  out-file -filePath c:\scripts\AppEvents_EntryTypes.txt
}
# END CALLOUT B

# BEGIN CALLOUT C
# Retrieve the application events for the past day.
$events = get-eventlog application | where-object `
  {$_.timeGenerated -gt $date}
# END CALLOUT C

# BEGIN CALLOUT D
# Output the application events to AppEvents.txt. Record only
# the time of the event, entry type, source, and message.
$events | foreach-object { out-file -filePath c:\scripts\AppEvents.txt -append `
  -inputObject $_.timeGenerated, $_.entryType, $_.source, $_.message }
# END CALLOUT D

# BEGIN CALLOUT E
# Run the FormatEntryType function against AppEvents.txt.
FormatEntryType c:\scripts\AppEvents.txt
# END CALLOUT E