Extract information from Log file using powershell

This topic contains 4 replies, has 4 voices, and was last updated by Profile photo of Daniel Krebs Daniel Krebs 2 months, 1 week ago.

  • Author
    Posts
  • #54508
    Profile photo of Amar Helloween
    Amar Helloween
    Participant

    Hi all,

    i have to extract the total number of times a mail id occurred with the count . I want the top 5 list. example

    Domain count
    ——- ——-
    a@b.com 10
    a@bb.com 3
    a.4@c.com 2

    here is the log file :

  • #54511
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    Very important in the future please do not post the content of internal log files without changing details like email addresses to something anonymous. You've just exposed hundreds of email addresses of your company to spam bots crawling the web.

    A combination of RegEx and the Group-Object cmdlet usually works great for me if I need to extract and count the value of properties. I've created a sample script for you which works on the log file you've provided.

  • #54512
    Profile photo of Rob Simmers
    Rob Simmers
    Participant

    Have you tried anything? If you simply want occurrences of the email address, you should look at a REGEX pattern for email addresses. If you want the date as well, you can find regex pattern for the date format and use grouping and match both with a single REGEX pattern.

  • #54530
    Profile photo of random commandline
    random commandline
    Participant
    # list top 5 results
    $file = Get-ChildItem '\\path\to\logfile.log'
    $users = switch -regex -file $file {
    'User (.*) logged on' {$Matches[1]} 
    }
    
    $users | Group-Object | Sort-Object -Descending -Property count|
    Select-Object Name,Count -First 5
    }
    
  • #54531
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    @random Cool. I was not aware of the -file parameter for the switch statement. Thanks very much for the example.

You must be logged in to reply to this topic.