
May 11, 2015 at 6:58 pm

Hi All,

Need some direction on the PowerShell script that I am working on.

On a daily basis (24 hours) we scan around 265 logs with a size of around 30 MB each, containing 200000 lines in each file. We look for a particular string and count the occurrences. I managed to write a simple one-line command to do that, and it seems effective too.

Select-String -AllMatches 'Received request' .\cur204_*.log | % {$sum=0} {$sum += $_.matches.count} {$sum}

This gives us the total count in all the files. But the dilemma now is that we need to get the results based on the time. The log file looks like the following:

ABC0405I 08052015 00:57:17 System Task — Received request for new connection from

In the above, it represents the time 00:57:17, which means around 12 midnight there is a request.

So what we need is to count the string occurrences for each hour.

Appreciate your help on this.

Regards,
Vinod

May 11, 2015 at 7:55 pm

You'd want a bit of string parsing, followed by Group-Object. Something like this:

# Capture the two 2-digit date fields, the year and the hour from every 'Received request' line
$dates =  Select-String -AllMatches '^\S+\s+(\d{2})(\d{2})(\d{4})\s+(\d{2}):\d{2}:\d{2}.*Received request.*$' .\cur204_*.log |
          ForEach-Object {
              $month = [int]$_.Matches[0].Groups[1].Value
              $day   = [int]$_.Matches[0].Groups[2].Value
              $year  = [int]$_.Matches[0].Groups[3].Value
              $hour  = [int]$_.Matches[0].Groups[4].Value

              # Hour is the grouping key: the date fields in their original order, then the hour
              New-Object psobject -Property @{
                  Hour = '{0:D2}{1:D2}{2:D4}:{3:D2}' -f $month, $day, $year, $hour
                  Line = $_.Matches[0].Groups[0].Value
              }
          }

$dates | Group-Object -Property Hour
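
A streaming variant of the per-hour count, as an added example that is not part of the original thread: it keeps only one counter per date and hour in memory, which matters at 265 files of about 30 MB each, and it reports lines that contain the string but do not match the expected layout. The sample lines (with a plain hyphen in the message text) and the temp file name `cur204_sample.log` are constructed for illustration.

```powershell
# Constructed sample lines in the format shown in the question (not real log data).
$sample = @(
    'ABC0405I 08052015 00:57:17 System Task - Received request for new connection from'
    'ABC0405I 08052015 00:59:02 System Task - Received request for new connection from'
    'ABC0411I 08052015 01:03:40 System Task - Session closed'
    'ABC0405I 08052015 01:15:09 System Task - Received request for new connection from'
    'ABC0405I 09052015 00:01:30 System Task - Received request for new connection from'
    'truncated line without a timestamp Received request'
)
$path = Join-Path ([IO.Path]::GetTempPath()) 'cur204_sample.log'   # hypothetical file name
Set-Content -Path $path -Value $sample

# The date token and the hour are captured as text, so no day/month order is assumed.
$pattern = '^\S+\s+(?<date>\d{8})\s+(?<hour>\d{2}):\d{2}:\d{2}\s.*Received request'
$counts  = @{}   # key: '<date> <hour>:00', value: number of matching lines
$skipped = 0     # lines with the string but without the expected timestamp layout

# For the real logs, point Get-ChildItem at .\cur204_*.log instead of the sample file.
foreach ($file in Get-ChildItem -Path $path) {
    # switch -File reads one line at a time; only the counters stay in memory.
    switch -Regex -File $file.FullName {
        $pattern {
            $key = '{0} {1}:00' -f $Matches['date'], $Matches['hour']
            $counts[$key] = 1 + $counts[$key]   # a missing key is $null, so this starts at 1
            continue                            # next line; skip the fallback clause below
        }
        'Received request' { $skipped++ }
    }
}

# One row per date and hour, sorted by the key text.
$counts.GetEnumerator() | Sort-Object Name |
    Select-Object @{n='Hour';e={$_.Name}}, @{n='Count';e={$_.Value}}
"Lines with the string but no parsable timestamp: $skipped"

Remove-Item $path
```

A non-zero skipped count is worth checking before trusting the hourly totals, since it means some entries were truncated or written in a different layout.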

May 13, 2015 at 2:02 am

Hi Dave –

Thanks. I will run this script and get back to you if required.

Regards,
Vinod