Need Help with PS script

Welcome Forums General PowerShell Q&A Need Help with PS script

Viewing 4 reply threads
  • Author
    Posts
    • #254297
      Participant
      Topics: 1
      Replies: 1
      Points: 13
      Rank: Member

      So I’m attempted to create a script that look for a specific string inside a .log file and export it to csv file. For example:

       

      5008( 2780) 08/21/2020 02:01:53 JS I TypeError: task has no properties

      5008( 2780) 08/21/2020 02:01:58 JS I TypeError: task has no properties

      5008( 2780) 08/21/2020 02:02:03 JS I TypeError: task has no properties

      5008( 2780) 08/21/2020 02:02:08 JS I TypeError: task has no properties

      5008( 2780) 08/21/2020 02:02:14 JS I TypeError: task has no properties

      5008( 2780) 08/21/2020 02:02:19 JS I TypeError: task has no properties

      4672( 4900) 08/21/2020 02:02:50 JS I INFO - CalcChartSvc - ------- Calculating the charts ------

      4672( 4900) 08/21/2020 02:02:50 JS I INFO - CalcChartSvc - Current Operator: report.calccharts

      5008( 2164) 08/21/2020 02:08:20 JRTE I Initialize successfully.

      4672( 4900) 08/21/2020 02:12:52 JS I INFO - CalcChartSvc - Switching to operator: Incident.Manager, previous: report.calccharts

      4672( 4900) 08/21/2020 02:12:52 RTE W ResetMandanten, operator Incident.Manager is not found

      5008( 364) 08/21/2020 02:14:54 RTE A Mapping-3-globallists,server.application, SQL Query incomplete because field (server.application) not mapped in file (globallists)

      5008( 364) 08/21/2020 02:14:54 RTE A SUMMARY-1 The following event has been reported 15 times in the last 30 minute(s)

      5008( 3336) 08/21/2020 03:00:27 RAD I [ERROR][SX_EntityChangeV2]: Trigger entityAfterUpdate incidents RF104462 failed: Could not find incident with id=RF104462, rc=No (more) records found

      5008( 3336) 08/21/2020 03:00:41 RAD I [ERROR][SX_EntityChangeV2]: Trigger entityAfterUpdate request RF110543 failed: Could not find incident for dependency RF110543, rc=No (more) records found

       

      What I want to end up seeing is:

      ErrorLog           DATE              TIME          ErrorCode                ErrorType                                             Message

      5008( 3336), 08/21/2020, 03:00:41,  RAD I,   [ERROR][SX_EntityChangeV2]:,  Trigger entityAfterUpdate request RF110543 failed: Could not find incident for dependency RF110543, rc=No (more) records found

       

      I’m getting stuck whether I should create a custom object with hash. Or use regex and substring method.

       

      Any input will help at this point

       

       

      =======

      Update

      So I was able to write this script to parse the log file using regex:

      (Get-Content.\sm.test.txt-Raw)-split'(\s\s\d\d\d\d.\s\s\d\d\d\d.|\d\d\d\d.\s\s\d\d\d\d.|\s+\d+.\s+\d\d\d.)\s(\d\d\D\d\d\D\d\d\d\d)\s(\d{2}:\d{2}:\d{2})\s+(\w+\s\w+)\s(.*)'|
      Where{$_}|
      ForEach-Object{
      [PSCustomObject]@{
      'Col1'=$_.SubString(0,12)
      'Col2'=$_.Substring(12).Trim()
      }
      }
      But when running the code, i would get and error message :
      [PSCustomObject]@{
      Exception calling “Substring” with “2” argument(s): “Index and length must refer to a location within the string. (Parameter ‘length’)”
      Something I’m missing?
      • This topic was modified 3 weeks, 2 days ago by Mr.Smiles. Reason: update
    • #254312
      Participant
      Topics: 1
      Replies: 1
      Points: 13
      Rank: Member

      So I was able to write up this regex to parse the log file:

      But when running script, I get an error message for

      Something I’m missing?

    • #254426
      Participant
      Topics: 25
      Replies: 186
      Points: 664
      Helping Hand
      Rank: Major Contributor
    • #254558
      Participant
      Topics: 0
      Replies: 81
      Points: 362
      Helping Hand
      Rank: Contributor

      I personally would not bother with using the -Raw switch here. If you read without -Raw, each line will be its own array element and can be parsed independently. Whatever parsing techniques you use will then apply to each line equally.

      I would use the -match operator and named capture groups. You can name the groups what you want your column/property names to be. When you use -match against a single string and find a successful match, the $matches variable (which is a hash table) will contain each capture group name as a key and the matched text as a value.

      I am choosing to exclude capture group 0 because that is the full match. The downside with creating a custom object directly from $matches is the order of the properties. If you want to control the order of the properties, you will need to explicitly call out those capture group names when building your object.

       

    • #254615
      Participant
      Topics: 8
      Replies: 568
      Points: 2,171
      Helping Hand
      Rank: Community Hero

      AdminofThings always offers great advice, the same is true here. I just wanted to provide an additional way to achieve your desired results, using ConvertFrom-String.

      First, we build a template

      Now we apply that template to the data using ConvertFrom-String. You could potentially add more “training” data to exclude the additional lines, but that would be much more involved than just filtering based on the error type. Adding more training data may also have a negative impact. The key with ConvertFrom-String template is to provide just enough training data without over doing it.

      The output (also captured in the $results variable)

      This is how you’d do the same from a file. If the file isn’t too large, -Raw will speed it up. ConvertFrom-String will work with or without -Raw.

      And you can further process the data using the variable.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.