ReplacementStrings: http://msdn.microsoft.com/en-us/library/system.diagnostics.eventlogentry.replacementstrings(v=vs.110).aspx
The replacement strings are returned as an array, so the [#] indicates the index.
PS C:\> $rs = get-eventlog -LogName System -Newest 1 | Select ReplacementStrings
PS C:\> $rs

ReplacementStrings
------------------
{Background Intelligent Transfer Service, auto start, demand start, BITS}

PS C:\> $rs.ReplacementStrings[1]
auto start
So, the script is accessing different parts of the ReplacementStrings using the array index to filter the results. The $eventList variable is an empty array to append objects to. The $row = "" | Select… basically creates a PSObject with those properties and then the $row.UserName = fills the property with data and the final line $eventList += $row appends the object into the array. There are numerous ways to create a custom PSObject, but that way is a bit confusing. You could replace all of this:
| foreach-Object {
    $row = "" | Select UserName, LoginTime, LogonType
    $row.UserName = $_.ReplacementStrings[5]
    $row.LogonType = $_.ReplacementStrings[8]
    $row.LoginTime = $_.TimeGenerated
    $eventList += $row
}
with Select-Object and calculated properties and let PowerShell generate the object for you:
| Select-Object @{Label="UserName";Expression={$_.ReplacementStrings[5]}},@{Label="LogonType";Expression={$_.ReplacementStrings[8]}},@{Label="LoginTime";Expression={$_.TimeGenerated}}
As for how long the script takes to run, it could be multiple things, including running locally, over the network, the size of the log, etc., so one can only speculate. You can try removing date\time from the query to see if it corrects the behavior to troubleshoot.
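
The Select-Object approach described above, as an added example that is not part of the original post or the script it discusses. The sample entries are constructed stand-ins for Get-EventLog output, and the names ConvertTo-LogonRecord, $logonProperties and $sampleEntries are hypothetical; indexes 5 and 8 are taken from the snippet above.

```powershell
# Constructed sample entries standing in for Get-EventLog output (not real log data).
# Only TimeGenerated and ReplacementStrings are modelled; 'f0'..'f7' are filler values.
$sampleEntries = @(
    [pscustomobject]@{
        TimeGenerated      = [datetime]'2024-01-15T08:30:00'
        ReplacementStrings = @('f0','f1','f2','f3','f4','alice','f6','f7','2')
    },
    [pscustomobject]@{
        TimeGenerated      = [datetime]'2024-01-15T09:05:00'
        ReplacementStrings = @('f0','f1','f2','f3','f4','bob','f6','f7','10')
    },
    [pscustomobject]@{
        # An entry of a different kind with only four strings, like the BITS event shown above
        TimeGenerated      = [datetime]'2024-01-15T09:10:00'
        ReplacementStrings = @('Background Intelligent Transfer Service','auto start','demand start','BITS')
    }
)

# Calculated properties: the same mapping as the foreach-Object block, without $row or +=
$logonProperties = @(
    @{Label = 'UserName';  Expression = { $_.ReplacementStrings[5] }},
    @{Label = 'LogonType'; Expression = { $_.ReplacementStrings[8] }},
    @{Label = 'LoginTime'; Expression = { $_.TimeGenerated }}
)

function ConvertTo-LogonRecord {
    param(
        [Parameter(ValueFromPipeline = $true)]
        $Entry
    )
    process {
        # By default, indexing past the end of the array returns $null without an error,
        # so a short entry would become a row with empty UserName and LogonType. Skip it.
        if ($Entry.ReplacementStrings.Count -lt 9) { return }
        $Entry | Select-Object -Property $logonProperties
    }
}

# The pipeline output is collected directly into the variable
$eventList = @($sampleEntries | ConvertTo-LogonRecord)
$eventList | Format-Table -AutoSize
```

With the constructed input, $eventList holds two objects (alice with LogonType 2, bob with LogonType 10) and the four-string entry is dropped.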