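# Query Windows event log records over CIM and reshape each one into a flat
# object ready for indexing into Elasticsearch.
#
# Expects the caller to define:
#   $CimSession - the CimSession to query
#   $Filter     - WQL WHERE clause applied to Win32_NTLogEvent
# Non-terminating errors from Get-CimInstance are collected in $Errors and do
# not stop the pipeline.
#
# NOTE(review): $Filter is passed straight through as WQL. If it is ever built
# from untrusted input, embedded single quotes must be escaped ('' ) first, or
# the query can be altered by the input.
$Parameters = @{
    CimSession    = $CimSession
    ClassName     = 'Win32_NTLogEvent'
    Filter        = $Filter
    ErrorAction   = 'Continue'
    ErrorVariable = 'Errors'
}

Get-CimInstance @Parameters | ForEach-Object {
    $Record = $_

    # Elastic-compatible timestamp (fractional seconds plus UTC offset) and a
    # date-only field used for daily index routing.
    $TimeCreated = $Record.TimeGenerated.ToString('yyyy-MM-ddTHH:mm:ss.fffffff00K')
    $DateCreated = $Record.TimeGenerated.ToString('yyyy-MM-dd')

    # Map the numeric Win32_NTLogEvent.EventType to a level name; anything
    # outside 1..5 is reported as 'None'.
    $EventType = switch ($Record.EventType) {
        1 { 'Error' }
        2 { 'Warning' }
        3 { 'Information' }
        4 { 'SuccessAudit' }
        5 { 'FailureAudit' }
        default { 'None' }
    }

    $EventLogEntry = [pscustomobject]@{
        # RecordNumber is only unique within a single log file, so the log
        # name is part of the document id; without it, records from two logs
        # (e.g. Application and System) sharing a RecordNumber would collide
        # and overwrite each other in the index.
        Id               = $Record.ComputerName + '-' + $Record.LogFile + '-' + $Record.RecordNumber # or [Guid]::NewGuid().Guid
        TimeCreated      = $TimeCreated
        DateCreated      = $DateCreated
        EventId          = $Record.EventCode
        ComputerName     = $Record.ComputerName
        Level            = $EventType
        Provider         = $Record.SourceName
        LogName          = $Record.LogFile
        Category         = $Record.CategoryString
        Type             = $Record.Type
        InsertionStrings = $Record.InsertionStrings
        Message          = $Record.Message
        User             = $Record.User
    }

    # The leading type name is what the elastic side keys its mapping on.
    $EventLogEntry.PSObject.TypeNames.Insert(0, 'eventlogentry')
    Write-Output $EventLogEntry
}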