Need some help parsing the following info in hundreds of log files

Tagged: ,

This topic contains 3 replies, has 3 voices, and was last updated by Profile photo of I Am Sir Ask Alot I Am Sir Ask Alot 2 years, 1 month ago.

  • Author
    Posts
  • #24578
    Profile photo of I Am Sir Ask Alot
    I Am Sir Ask Alot
    Participant

    I am quite resourceful for the most part when it comes to PowerShell tasks, but when it comes to parsing info, NOT so much.

    There are hundreds of log files in a directory that contain info that looks like this:

    [blockquote]Current Logged On User: TestUser

    ComputerName : TestComputer
    AppID : {90150000-003B-0000-0000-0000000FF1CE}
    AppName : Microsoft Project Professional 2013
    Publisher : Microsoft Corporation
    Version : 15.0.4420.1017
    Architecture : 32-bit

    ComputerName : TestComputer
    AppID : {90150000-0051-0000-0000-0000000FF1CE}
    AppName : Microsoft Visio Professional 2013
    Publisher : Microsoft Corporation
    Version : 15.0.4420.1017
    Architecture : 32-bit[/blockquote]

    I need help getting just the current logged on user name, the computer name, and the application name. The "ComputerName" category shows up twice in a log file and creates duplicates as shown above for the same computer name, if it has more than one app installed that I am looking for, such as Project and Visio.

    What I am trying to arrive at is how to parse hundreds of these log files and output all the data in one clean report that looks something like this:

    [blockquote]Current Logged On User: TestUser

    ComputerName : TestComputer

    AppName : Microsoft Project Professional 2013

    AppName : Microsoft Visio Professional 2013[/blockquote]

    Any help would be GREATLY appreciated, as always.

    Thanks everyone.

  • #24582
    Profile photo of Matt Bloomfield
    Matt Bloomfield
    Participant

    Here's a little starter script for you which demonstrates the -match comparison operator. -match auto-populates the $matches collection with any matches it finds. For the computer name, you can select the first object in that collection by specifying the index [0] which will eliminate your duplicates.

    foreach ($logFile in (Get-ChildItem 'F:\logs')) {
    
        $content = Get-Content $logFile.FullName
    
        $content -match 'Current*'
        ($content -match 'ComputerName*')[0]
        $content -match 'AppName*'
    
    }
    
  • #24602
    Profile photo of Craig Duff
    Craig Duff
    Participant
    $log = @"
    Current Logged On User: TestUser
    
    ComputerName : TestComputer
    AppID : {90150000-003B-0000-0000-0000000FF1CE}
    AppName : Microsoft Project Professional 2013
    Publisher : Microsoft Corporation
    Version : 15.0.4420.1017
    Architecture : 32-bit
    
    ComputerName : TestComputer
    AppID : {90150000-0051-0000-0000-0000000FF1CE}
    AppName : Microsoft Visio Professional 2013
    Publisher : Microsoft Corporation
    Version : 15.0.4420.1017
    Architecture : 32-bit
    "@ -split "`r`n"
    
    $log | Select-String -Pattern "Current Logged On User","ComputerName" | Select-Object -First 1
    $log | Select-String -Pattern "AppName"

    Seems like a job for Select-String.

  • #24615
    Profile photo of I Am Sir Ask Alot
    I Am Sir Ask Alot
    Participant

    Matt, I think that did the trick for me. Thanks a bunch.

    Thank you as well, Craig.

You must be logged in to reply to this topic.