Site Logo Image Maintenance Scripts

A repository of PowerShell Scripts to automate a variety of IT related maintenance tasks.

© 2025. All rights reserved.

Get-RageQuitEvents.ps1

19 Sep 2025

Description

Purpose

Retrieves RageQuit-related event log entries from the Windows Application log.

Detailed Description

Returns event log entries generated by the RageQuit function, filtered by time range and event ID. Includes improved error handling and output formatting. Uses Get-WinEvent for better performance.

Back to Top

Usage

Example 1

Get-RageQuitEvents -StartTime (Get-Date).AddDays(-7)

Retrieves up to 100 RageQuit-related logs from the past week.

Example 2

Get-RageQuitEvents -MaxEvents 50

Retrieves up to 50 RageQuit-related logs from the past 24 hours.

Back to Top

Notes

Author: RDGScripts Maintainers Date: 2025-09-02 Prerequisites: The “RageQuit” event source must exist in the Application log.

Back to Top

Script

function Get-RageQuitEvents {
    <#
    .SYNOPSIS
        Retrieves RageQuit-related event log entries from the Windows Application log.

    .DESCRIPTION
        Returns event log entries generated by the RageQuit function, filtered by time range and event ID. Includes improved error handling and output formatting. Uses Get-WinEvent for better performance.

    .PARAMETER StartTime
        The start time from which to begin retrieving logs. Defaults to 24 hours ago.

    .PARAMETER EndTime
        The end time until which to retrieve logs. Defaults to the current time.

    .PARAMETER MaxEvents
        The maximum number of events to retrieve. Defaults to 100.

    .EXAMPLE
        Get-RageQuitEvents -StartTime (Get-Date).AddDays(-7)
        # Retrieves up to 100 RageQuit-related logs from the past week.

    .EXAMPLE
        Get-RageQuitEvents -MaxEvents 50
        # Retrieves up to 50 RageQuit-related logs from the past 24 hours.

    .INPUTS
        None. You cannot pipe objects to this function.

    .OUTPUTS
        PSCustomObject. Returns objects with event details and user information.

    .NOTES
        Author: RDGScripts Maintainers
        Date: 2025-09-02
        Prerequisites: The "RageQuit" event source must exist in the Application log.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false, HelpMessage = "The start time from which to begin retrieving logs.")]
        [datetime]$StartTime = (Get-Date).AddHours(-24),

        [Parameter(Mandatory = $false, HelpMessage = "The end time until which to retrieve logs.")]
        [datetime]$EndTime = (Get-Date),

        [Parameter(Mandatory = $false, HelpMessage = "The maximum number of events to retrieve.")]
        [int]$MaxEvents = 100
    )

    process {
        $logName = "Application"
        $source = "RageQuit"
        $eventID = 1001

        Write-Verbose "Retrieving event log entries for source '$source' from '$logName' log between $StartTime and $EndTime."

        # Check if the event source exists
        try {
            $sourceExists = Get-WinEvent -ListLog $logName -ErrorAction Stop | Where-Object { $_.LogName -eq $logName }
            if (-not $sourceExists) {
                Write-Error "Event log '$logName' not found."
                return
            }
        } catch {
            Write-Error "Failed to check event log: $($_.Exception.Message)"
            return
        }

        try {
            $filter = @{
                LogName   = $logName
                StartTime = $StartTime
                EndTime   = $EndTime
                ID        = $eventID
                ProviderName = $source
            }
            $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction Stop
        }
        catch [System.Diagnostics.Eventing.Reader.EventLogNotFoundException] {
            Write-Error "Event log '$logName' not found."
            return
        }
        catch [System.Diagnostics.Eventing.Reader.EventLogException] {
            Write-Error "Failed to retrieve event log entries: $($_.Exception.Message)"
            return
        }
        catch {
            Write-Error "An unexpected error occurred: $($_.Exception.Message)"
            return
        }

        if ($null -eq $events -or $events.Count -eq 0) {
            Write-Output "No events found for source '$source' in the specified time range."
            return
        }

        Write-Verbose "Found $($events.Count) event(s) related to RageQuit."
        $events | ForEach-Object {
            $userMatch = $_.Message -match "User: (.+)"
            [pscustomobject]@{
                TimeCreated        = $_.TimeCreated
                Id                 = $_.Id
                LevelDisplayName   = $_.LevelDisplayName
                ProviderName       = $_.ProviderName
                UserName           = if ($userMatch) { $matches[1] } else { "N/A" }
                Message            = $_.Message
                LogName            = $_.LogName
                MachineName        = $_.MachineName
            }
        }
    }
}

Back to Top

Download

Please feel free to copy parts of the script or if you would like to download the entire script, simply click the download button. You can download the complete repository in a zip file by clicking the Download link in the menu bar on the left hand side of the page.

Report Issues

You can report an issue or contribute to this site on GitHub. Simply click the button below and add any relevant notes. I will attempt to respond to all issues as soon as possible.

Issue

Back to Top