This should do what you want without the need for intermediate files:
$EventAgeDays = 7 # we will take events for the latest 7 days
$CompArr = @(".") # replace it with your server names
$LogNames = @("Security") # Checking app and system logs
$EventTypes = @("SuccessAudit", "FailureAudit" ) # Loading only SuccessAudit,FailureAudit
$SuccessCount = 0
$FailureCount = 0
$AuditTotal = 0
$SuccessByEvent = @{}
$FailureByEvent = @{}
foreach ($comp in $CompArr) {
foreach ($log in $LogNames) {
Write-Host Processing $comp\$log
Get-EventLog -ComputerName $comp -log $log -EntryType $EventTypes |
ForEach-Object{
if ($_.EntryType -eq "SuccessAudit"){
$SuccessCount++
$SuccessByEvent[$_.EventID]++
$AuditTotal++
}
elseif ($_.EntryType -eq "FailureAudit"){
$FailureCount++
$FailureByEvent[$_.EventID]++
$AuditTotal++
}
}
}
}
$MostFrequentSuccessEventCount = 0
$MostFrequentSuccessEventID = 0
$SuccessByEvent.GetEnumerator() |
ForEach-Object{
if ($_.Value -gt $MostFrequentSuccessEventCount){
$MostFrequentSuccessEventCount = $_.Value
$MostFrequentSuccessEventID = $_.Key
}
}
$MostFrequentFailureEventCount = 0
$MostFrequentFailureEventID = 0
$FailureByEvent.GetEnumerator() |
ForEach-Object{
if ($_.Value -gt $MostFrequentFailureEventCount){
$MostFrequentFailureEventCount = $_.Value
$MostFrequentFailureEventID = $_.Key
}
}
Write-Host -Fore Green "Number of Audit Failures:" $FailureCount "failures of" $AuditTotal "entries"
Write-Host -Fore Red "Most Common Event ID:" $MostFrequentFailureEventID "($MostFrequentFailureEventCount)"
Write-Host -Fore Green "Number of Audit Successes:" $SuccessCount "successes of" $AuditTotal "entries"
Write-Host -Fore Red "Most Common Event ID:" $MostFrequentSuccessEventID "($MostFrequentSuccessEventCount)"