Extracting data from logfile

This topic contains 2 replies, has 2 voices, and was last updated by Anonymous 2 weeks, 4 days ago.

  • #54030
    Anonymous

    Hi, I'm stuck and need some help. I got a logfile that I want to extract a date from, and error messages. I've created two regex filters. I only want those lines matching both patterns and put them in a custom object. Below is an example of a line I want:

    [2016-09-02 23:08:00:366 CEST] 00000016 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000023) has been active for 646873 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be hung.

    This is my code so far:

    $str = Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log'
    $linescount = $str.Count
    $datetime = (Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log' | Select-String -Pattern '\d+-\d+-\d+\W\d+\W\d+\W\d+\W\d+').Matches.Value
    $message = (Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log' | Select-String -Pattern 'ThreadMonitor(.*)').Matches.value

    Add-Type @'
    public class WS
    {
        public string dateTime;
        public string message;
    }
    '@

    $ObjWS = @()

    for($i=0;$i -lt ($linescount);$i++){
        $objTemp = New-Object WS
        $objTemp.DateTime = $dateTime[$i]
        $objTemp.Message = $message[$i]
        $ObjWS += $objTemp
    }

    Return $ObjWS

    And the output looks like this:

    dateTime                message                                                                                                                                                                                                       
    --------                -------                                                                                                                                                                                                       
    2016-09-02 23:01:36:021 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000023) has been active for 646873 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be hung.                 
    2016-09-02 23:02:45:517 ThreadMonitor W   WSVR0606W: Thread "WebContainer : 0" (00000023) was previously reported to be hung but has completed.  It was active for approximately 6135706 milliseconds.  There is/are 0 thread(s) in...
    2016-09-02 23:08:00:366 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000023) has been active for 628247 milliseconds and may be hung.  There is/are 1 thread(s) in total in the server that may be hung.                 
    2016-09-03 00:39:29:199 ThreadMonitor W   WSVR0606W: Thread "WebContainer : 0" (00000023) was previously reported to be hung but has completed.  It was active for approximately 1389169 milliseconds.  There is/are 0 thread(s) in...
    2016-09-03 02:06:02:401                                                                                                                                                                                                               
    2016-09-03 02:06:03:228                                                                                                                                                                                                               
    2016-09-03 02:17:00:709....
    #54031
    Olaf Soyk
    Participant

    Hi,

    maybe this helps:

    $str = Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log'
    $Output = foreach ($Line in $str) {
        $Line -match '(\d+-\d+-\d+\W\d+\W\d+\W\d+\W\d+).*(ThreadMonitor.*)$' | Out-Null
        [PSCustomObject]@{
            dateTime = $Matches[1]
            message = $Matches[2]
        }
    }
    $output
    
    #54034
    Anonymous

    Thanks Olaf, you pointed me in the right direction! This is the final result:

    $str = Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log'
    $Output = foreach ($Line in $str) {
        if ($Line -match '(\d+-\d+-\d+\W\d+\W\d+\W\d+\W\d+).*(ThreadMonitor.*)$') {
            [PSCustomObject]@{
                dateTime = $Matches[1]
                message = $Matches[2]
            }
        }
    }
    $output
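
A stricter take on the approach the thread arrives at, as an added example that is not part of any post above: it uses named capture groups, parses the timestamp into a real `[datetime]` so events can be sorted and filtered by time, and skips blank or non-matching lines. The function name `ConvertFrom-ThreadMonitorLine`, the assumed field layout (inferred from the one line quoted in the question) and the sample lines are assumptions.

```powershell
# Added example, not code from the thread. The field layout is inferred from the
# single log line quoted in the question; the function name is hypothetical.
function ConvertFrom-ThreadMonitorLine {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]   # Get-Content emits '' for blank lines
        [string]$Line
    )
    begin {
        # Anchored at both ends so a partial or continuation line cannot match.
        $pattern = '^\[(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3}) (?<tz>\w+)\]\s+' +
                   '(?<thread>[0-9a-f]{8})\s+ThreadMonitor\s+(?<level>\w)\s+' +
                   '(?<code>\w+):\s+(?<text>.*)$'
        $culture = [cultureinfo]::InvariantCulture
    }
    process {
        # Emit an object only when this line matched; after a failed -match,
        # $Matches still holds the groups of the previous successful match.
        if ($Line -match $pattern) {
            [PSCustomObject]@{
                # Zone abbreviations such as CEST are ambiguous, so the zone stays a string.
                DateTime = [datetime]::ParseExact($Matches.ts, 'yyyy-MM-dd HH:mm:ss:fff', $culture)
                TimeZone = $Matches.tz
                ThreadId = $Matches.thread
                Level    = $Matches.level
                Code     = $Matches.code
                Message  = $Matches.text
            }
        }
    }
}

# Constructed sample input: two ThreadMonitor lines, one other component,
# one blank line and one continuation line without a timestamp.
$sample = @(
    '[2016-09-02 23:08:00:366 CEST] 00000016 ThreadMonitor W   WSVR0605W: Thread "WebContainer : 0" (00000023) has been active for 646873 milliseconds and may be hung.'
    '[2016-09-02 23:02:45:517 CEST] 00000016 ThreadMonitor W   WSVR0606W: Thread "WebContainer : 0" (00000023) was previously reported to be hung but has completed.'
    '[2016-09-03 02:06:02:401 CEST] 0000001a SystemOut     O constructed application output'
    ''
    '    at com.example.Constructed.run(Constructed.java:42)'
)

# Two objects come back; the other three lines are dropped.
$events = $sample | ConvertFrom-ThreadMonitorLine
$events | Sort-Object DateTime | Select-Object DateTime, ThreadId, Code
```

To run it against the real file, replace `$sample` with `Get-Content 'C:\Temp\SystemOut_16.09.03_23.00.00.log'`.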