Extract information from Log file using powershell

Welcome Forums General PowerShell Q&A Extract information from Log file using powershell

This topic contains 4 replies, has 4 voices, and was last updated by

 
Moderator
2 years, 2 months ago.

  • Author
    Posts
  • #54508

    Participant
    Points: 0
    Rank: Member

    Hi all,

    i have to extract the total number of times a mail id occurred with the count . I want the top 5 list. example

    Domain count
    ——- ——-
    a@b.com 10
    a@bb.com 3
    a.4@c.com 2

    here is the log file :

  • #54511

    Moderator
    Points: 24
    Team Member
    Rank: Member

    Very important in the future please do not post the content of internal log files without changing details like email addresses to something anonymous. You've just exposed hundreds of email addresses of your company to spam bots crawling the web.

    A combination of RegEx and the Group-Object cmdlet usually works great for me if I need to extract and count the value of properties. I've created a sample script for you which works on the log file you've provided.

  • #54512

    Participant
    Points: 316
    Helping Hand
    Rank: Contributor

    Have you tried anything? If you simply want occurrences of the email address, you should look at a REGEX pattern for email addresses. If you want the date as well, you can find regex pattern for the date format and use grouping and match both with a single REGEX pattern.

  • #54530

    Participant
    Points: 10
    Rank: Member
    # list top 5 results
    $file = Get-ChildItem '\\path\to\logfile.log'
    $users = switch -regex -file $file {
    'User (.*) logged on' {$Matches[1]} 
    }
    
    $users | Group-Object | Sort-Object -Descending -Property count|
    Select-Object Name,Count -First 5
    }
    
  • #54531

    Moderator
    Points: 24
    Team Member
    Rank: Member

    @random Cool. I was not aware of the -file parameter for the switch statement. Thanks very much for the example.

The topic ‘Extract information from Log file using powershell’ is closed to new replies.