Count String - Hourly

This topic contains 2 replies, has 2 voices, and was last updated by  Vinod Kumar 2 years, 5 months ago.

  • Author
  • #25113

    Vinod Kumar

    Hi All,

    Need some direction on the Powershell script that am working on.

    On a daily basis (24 hours) we scan around 265 logs with size of around 30 MB each containing 200000 lines in each file. We look for a particular string and count them. I was manage to write a simple one line command to do that and it seems effective too.

    Select-String -AllMatches 'Received request' .\cur204_*.log | % {$sum=0} {$sum += $_.matches.count} {$sum}

    This gives us the total count in all the files. But the dilemma now is we need to get the results based on the time. the log file looks like the following

    ABC0405I 08052015 00:57:17 System Task — Received request for new connection from

    In the above it represents the time 00:57:17 which means around 12 midnight there is a request.

    So what we need is count the string that has occured for each hour.

    Appreciate your help on this.


  • #25114

    Dave Wyatt

    You'd want a bit of string parsing, followed by Group-Object. Something like this:

    $dates =  Select-String -AllMatches '^\S+\s+(\d{2})(\d{2})(\d{4})\s+(\d{2}):\d{2}:\d{2}.*Received request.*$' .\cur204_*.log |
              ForEach-Object {
                  $month = [int]$_.Matches[0].Groups[1].Value
                  $day   = [int]$_.Matches[0].Groups[2].Value
                  $year  = [int]$_.Matches[0].Groups[3].Value
                  $hour  = [int]$_.Matches[0].Groups[4].Value
                  New-Object psobject -Property @{
                      Hour = '{0:D2}{1:D2}{2:D4}:{3:D2}' -f $month, $day, $year, $hour
                      Line = $_.Matches[0].Groups[0].Value
    $dates | Group-Object -Property Hour
  • #25149

    Vinod Kumar

    Hi Dave –

    Thanks. I will run this script and get back to you if required.


You must be logged in to reply to this topic.