{"id":441,"date":"2009-11-25T10:53:37","date_gmt":"2009-11-25T17:53:37","guid":{"rendered":"http:\/\/kmwoley.com\/blog\/?p=441"},"modified":"2009-11-25T11:02:18","modified_gmt":"2009-11-25T18:02:18","slug":"where-to-find-chkdsk-results-in-vista-windows-7","status":"publish","type":"post","link":"https:\/\/kmwoley.com\/blog\/where-to-find-chkdsk-results-in-vista-windows-7\/","title":{"rendered":"Where to find CHKDSK results in Vista, Windows 7"},"content":{"rendered":"

\"powershell-chkdsk\"<\/a><\/p>\n

My recent hard disk failure made me realize that I had no idea where to find the CHDSK logs that are created when Windows runs CHKDSK at boot. In my case, I had just installed a drive that had a bunch of NTFS corruptions caused by a different computer.<\/p>\n

Below I walk though what I think is the easiest way to find the CHKDSK logs (and more) which are available in the Windows Event Log.<\/p>\n

<\/p>\n

Short Answer<\/u> <\/strong><\/p>\n

\n

1. Start Windows PowerShell as Administrator<\/strong>
\"image\"<\/strong><\/a> <\/p>\n<\/blockquote>\n

\n

2. Type in the following at the prompt:<\/strong>
get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername \u2013match "wininit"} | fl timecreated, message<\/font><\/p>\n

Note: if you want to limit the search to just the recent events, you can add the starttime="11\/25\/2009"<\/font> to the FilterHashTable parameter above.<\/em><\/p>\n

<\/em>\"powershell-chkdsk\"<\/a> <\/p>\n<\/blockquote>\n

<\/strong><\/p>\n

Long Answer<\/u><\/strong><\/p>\n

Windows Event Log
<\/strong>Windows stores the results of CHKDSK, among other things, in the Windows Event Log. This is a good thing because the Event Log does a great job managing a lot of data. Given that so many different parts of the OS are involved in writing to the disk, it wouldn\u2019t make sense to write the results in several different text files. You\u2019d never be able to find out anything. The only downside to this is that you have to learn to use the Event Log, which isn\u2019t that hard.<\/p>\n

Windows PowerShell & the Event Log
<\/strong>The easiest way to read the Event Log is to use Windows PowerShell<\/a> and the Get-WinEvent cmdlet<\/a>. (Note: Windows PowerShell is built into Windows 7\/Server 2008 R2.  You will have to install PowerShell V2 on Windows Vista<\/a> to get this to work.)<\/p>\n

PowerShell makes it is easy to just for exactly what you need. For example, in the \u201cShort Answer\u201d above I just ask for the specific CHKDSK event ID 1001 from the \u201cMicrosoft-Windows-Wininit\u201d event provider:<\/p>\n

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername \u2013match "wininit"} | fl timecreated, message<\/font><\/p>\n

But how did you know where to find that!?
<\/strong>Truthfully, I really didn\u2019t. I had to dig. This is one of the reasons I use PowerShell. Sometimes I have to ask for everything and filter through to find what I want. In this case, I started with looking at absolutely everything that had happened since 7:00am today, which was the time of my last boot. I dumped this all to Out-GridView so I could see it easily.<\/p>\n

get-winevent -FilterHashTable @{logname="*"; starttime="7:00am"} | select timecreated,providername,id,containerlog,message | out-gridview<\/font><\/p>\n

\"Capture<\/a> <\/p>\n

(Note: that the \u2018starttime\u2019 can take all manner of date and time formats, e.g. 11\/25\/2009 would have worked as well. If you need to set an upper bound on the time, use \u2018endtime\u2019.)<\/em><\/p>\n

Next, I used Out-GridView to filter the results looking for the keyword \u201cCHKDSK\u201d in the Message field. This showed me who logged the event (Microsoft-Windows-Wininit) and what ID the event has (1001). From there, I created the query that is in the \u201cShort\u201d answer above.<\/p>\n

What about other related events?
<\/strong>I was wondering the same thing. Probably the most useful query here is to search for the keyword \u201cDisk\u201d in Out-GridView which will show you several events of interest. It was interesting to see that there are also several events from NTFS, for example, which have indicated that the volume was corrupt in the first place. Also, I apparently have a few bad blocks on some of my disks I\u2019m gonna see about taking care of… <\/p>\n

Alternatives
<\/strong>You can also see the same data in the Windows EventViewer, but I find it much harder to find things in there unless you know exactly what you\u2019re looking for. The Event Viewer can be found on Vista and Windows 7 by going to Start and then searching for \u201cEvent Viewer\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"

My recent hard disk failure made me realize that I had no idea where to find the CHDSK logs that are created when Windows runs CHKDSK at boot. In my case, I had just installed a drive that had a bunch of NTFS corruptions caused by a different computer. Below I walk though what I … Continue reading Where to find CHKDSK results in Vista, Windows 7<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[198,229,235,233,232,234,231,230,184,193],"class_list":["post-441","post","type-post","status-publish","format-standard","hentry","category-geek","tag-boot","tag-chkdsk","tag-disk","tag-event-log","tag-get-winevent","tag-hard-disk","tag-log","tag-results","tag-vista","tag-windows-7"],"_links":{"self":[{"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/posts\/441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/comments?post=441"}],"version-history":[{"count":4,"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/posts\/441\/revisions"}],"predecessor-version":[{"id":463,"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/posts\/441\/revisions\/463"}],"wp:attachment":[{"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/media?parent=441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/categories?post=441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kmwoley.com\/blog\/wp-json\/wp\/v2\/tags?post=441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}