Author Posts

April 22, 2015 at 10:15 pm

I am quite resourceful for the most part when it comes to PowerShell tasks, but when it comes to parsing info, NOT so much.

There are hundreds of log files in a directory that contain info that looks like this:

[blockquote]Current Logged On User: TestUser

ComputerName : TestComputer
AppID : {90150000-003B-0000-0000-0000000FF1CE}
AppName : Microsoft Project Professional 2013
Publisher : Microsoft Corporation
Version : 15.0.4420.1017
Architecture : 32-bit

ComputerName : TestComputer
AppID : {90150000-0051-0000-0000-0000000FF1CE}
AppName : Microsoft Visio Professional 2013
Publisher : Microsoft Corporation
Version : 15.0.4420.1017
Architecture : 32-bit[/blockquote]

I need help getting just the current logged on user name, the computer name, and the application name. The "ComputerName" category shows up twice in a log file and creates duplicates as shown above for the same computer name, if it has more than one app installed that I am looking for, such as Project and Visio.

What I am trying to arrive at is how to parse hundreds of these log files and output all the data in one clean report that looks something like this:

[blockquote]Current Logged On User: TestUser

ComputerName : TestComputer

AppName : Microsoft Project Professional 2013

AppName : Microsoft Visio Professional 2013[/blockquote]

Any help would be GREATLY appreciated, as always.

Thanks everyone.

April 23, 2015 at 3:04 am

Here's a little starter script for you which demonstrates the -match comparison operator. -match auto-populates the $matches collection with any matches it finds. For the computer name, you can select the first object in that collection by specifying the index [0] which will eliminate your duplicates.

foreach ($logFile in (Get-ChildItem 'F:\logs')) {

    $content = Get-Content $logFile.FullName

    $content -match 'Current*'
    ($content -match 'ComputerName*')[0]
    $content -match 'AppName*'

}

April 23, 2015 at 11:22 am

$log = @"
Current Logged On User: TestUser

ComputerName : TestComputer
AppID : {90150000-003B-0000-0000-0000000FF1CE}
AppName : Microsoft Project Professional 2013
Publisher : Microsoft Corporation
Version : 15.0.4420.1017
Architecture : 32-bit

ComputerName : TestComputer
AppID : {90150000-0051-0000-0000-0000000FF1CE}
AppName : Microsoft Visio Professional 2013
Publisher : Microsoft Corporation
Version : 15.0.4420.1017
Architecture : 32-bit
"@ -split "`r`n"

$log | Select-String -Pattern "Current Logged On User","ComputerName" | Select-Object -First 1
$log | Select-String -Pattern "AppName"

Seems like a job for Select-String.

April 23, 2015 at 6:46 pm

Matt, I think that did the trick for me. Thanks a bunch.

Thank you as well, Craig.