New-Object output problem

This topic contains 11 replies, has 4 voices, and was last updated by Profile photo of Anthony Regnier Anthony Regnier 1 month, 1 week ago.

  • Author
    Posts
  • #55501
    Profile photo of Anthony Regnier
    Anthony Regnier
    Participant

    Hey Guys,

    I'm having a problem. I first put the data i want into 2 variables $Started_Time & $Ended_Time as below:
    (Sorry for how the text is formatted, i can't get it to be nicely readable)

    $Before = Get-Date
    $Started_Time = Get-EventLog -LogName Security -EntryType SuccessAudit -InstanceID 4688 -Before $Before -Message "*outlook.exe*" | Select -ExpandProperty TimeWritten
    $Ended_Time = Get-EventLog -LogName Security -EntryType SuccessAudit -InstanceID 4689 -Before $Before -Message "*outlook.exe*" | Select -ExpandProperty TimeWritten

    Each of then returns me the datas in columns, like that:

    Thursday, October 20, 2016 4:58:35 PM
    Thursday, October 20, 2016 3:15:17 PM
    Wednesday, October 19, 2016 11:06:06 AM

    Then, i run this:

    New-Object PSObject -Property ([ordered]@{'Start Time'=$Started_Time;'End Time'=$Ended_Time})

    And here is the output:

    Start Time End Time
    ———- ——–
    {10/20/2016 4:58:35 PM, 10/20/2016 3:15:17 PM, 10/19/2016 11:06:06 AM} {10/20/2016 4:49:43 PM, 10/20/2016 3:15:12 PM}

    I can't figure how to get my data in column, like that:

    Start Time End Time
    ———- ———-
    Date1 Date1
    Date2 Date2
    Date3 Date3

    Thanks for your help !

  • #55511
    Profile photo of Olaf Soyk
    Olaf Soyk
    Participant

    Anthony,

    you create 2 independend lists of dates. I think you should first create something what matches the start time with the related end time.

  • #55516
    Profile photo of Anthony Regnier
    Anthony Regnier
    Participant

    Here is my code now:

    $Start_Date = [Datetime]::Today.AddDays(-1).AddHours(1)
    $End_Date = [Datetime]::Today.AddDays(-1).AddHours(23)
    
    
    $Started_Time = Get-EventLog -LogName Security -EntryType SuccessAudit -InstanceID 4688 -Before $End_Date -After $Start_Date -Message "*outlook.exe*" | Select -ExpandProperty TimeWritten
    $Ended_Time = Get-EventLog -LogName Security -EntryType SuccessAudit -InstanceID 4689 -Before $End_Date -After $Start_Date -Message "*outlook.exe*" | Select -ExpandProperty TimeWritten
    
    New-Object -TypeName PSObject -Property ([ordered]@{'Start Time'=$Started_Time;'End Time'=$Ended_Time})
    

    I don't necessary need to have the date1 in the Start Time column maching the date1 on the end time column.

    I just need the date to be displayed in a column format...

    My code gives me this:

    Start Time                                     End Time                                      
    ----------                                     --------                                      
    {10/20/2016 4:58:35 PM, 10/20/2016 3:15:17 PM} {10/20/2016 4:49:43 PM, 10/20/2016 3:15:12 PM}
    
  • #55522
    Profile photo of Max Kozlov
    Max Kozlov
    Participant
    #requires -Version 4.0
    #I don't now, may be this works also on earlier PS versions
    
    $Start_Date = [Datetime]::Today.AddDays(-1).AddHours(1)
    $End_Date = [Datetime]::Today.AddDays(-1).AddHours(23)
    
    #First, there is no need to call get-eventlog twice,
    # and I use splatting to better readability of many parameters
    $geteventlogparams = @{
    	LogName = 'Security'
    	EntryType = 'SuccessAudit'
    	InstanceID = 4688,4689
    	Before = $End_Date
    	After = $Start_Date
    	Message = "*outlook.exe*"
    }
    $events = Get-EventLog @geteventlogparams
    
    #Second, to properly sort start and stop events you need to split it by process id,
    # so start and stop events for the same grouped together
    # this grouing may be version dependent
    # there is some magic:
    # for event 4688 we need replacementstring[4]
    # and for event 4689 we need replacementstring[5]
    $groupedByProcessID = $events | Group-Object {  $_.ReplacementStrings[$_.InstanceId - 4684] }
    
    #And now you fill out your objects
    #There you can export it somewhere
    # or out to console as I'm do
    foreach ($processID in $groupedByProcessID) {
    	$Started_TimeEvent = $processID.Group | Where-Object { $_.InstanceId -eq 4688 }
    	$Ended_TimeEvent = $processID.Group | Where-Object { $_.InstanceId -eq 4689 }
    	#v3+, you can replace it to New-Object for compatibility
    	[PSCustomObject]@{
    		Started_Time = $Started_TimeEvent.TimeGenerated
    		Ended_Time = $Ended_TimeEvent.TimeGenerated
    	}
    }
    
    • This reply was modified 1 month, 2 weeks ago by Profile photo of Max Kozlov Max Kozlov.
    • This reply was modified 1 month, 2 weeks ago by Profile photo of Max Kozlov Max Kozlov.
    • This reply was modified 1 month, 2 weeks ago by Profile photo of Max Kozlov Max Kozlov.
    • This reply was modified 1 month, 2 weeks ago by Profile photo of Max Kozlov Max Kozlov.
  • #55532
    Profile photo of Max Kozlov
    Max Kozlov
    Participant

    .

    • This reply was modified 1 month, 2 weeks ago by Profile photo of Max Kozlov Max Kozlov.
  • #55553
    Profile photo of Anthony Regnier
    Anthony Regnier
    Participant

    God you are awesome ! You didn't just fixed the issue but you made my script better, thanks a ton!

    Now i'm gonna work on running this on a list of computer. Ideally at the end, i would have one single CSV with one worksheet per computer, showing the started time & ended time of a defined process.

    I'll post here if i'm stuck somwhere :).

  • #55703
    Profile photo of Anthony Regnier
    Anthony Regnier
    Participant

    I've got another issue now... I can't export it to CSV and out-file doesn't give me a good output in a csv file...

    Here is my script output:

    Computer Name Application Started Time          Ended Time            Usage   
    ------------- ----------- ------------          ----------            -----   
    GVA-GUEST-02  Bloomberg   10/21/2016 4:13:10 PM 10/21/2016 4:13:33 PM 00:00:23
    

    And here is what i get when i pipe it to GM:

     TypeName: Microsoft.PowerShell.Commands.Internal.Format.FormatStartData
    
    Name                                    MemberType Definition                                                                                                                                                                               
    ----                                    ---------- ----------                                                                                                                                                                               
    Equals                                  Method     bool Equals(System.Object obj)                                                                                                                                                           
    GetHashCode                             Method     int GetHashCode()                                                                                                                                                                        
    GetType                                 Method     type GetType()                                                                                                                                                                           
    ToString                                Method     string ToString()                                                                                                                                                                        
    autosizeInfo                            Property   Microsoft.PowerShell.Commands.Internal.Format.AutosizeInfo, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 autosizeInfo {get;set;}      
    ClassId2e4f51ef21dd47e99d3c952918aff9cd Property   string ClassId2e4f51ef21dd47e99d3c952918aff9cd {get;}                                                                                                                                    
    groupingEntry                           Property   Microsoft.PowerShell.Commands.Internal.Format.GroupingEntry, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 groupingEntry {get;set;}    
    pageFooterEntry                         Property   Microsoft.PowerShell.Commands.Internal.Format.PageFooterEntry, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 pageFooterEntry {get;set;}
    pageHeaderEntry                         Property   Microsoft.PowerShell.Commands.Internal.Format.PageHeaderEntry, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 pageHeaderEntry {get;set;}
    shapeInfo                               Property   Microsoft.PowerShell.Commands.Internal.Format.ShapeInfo, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 shapeInfo {get;set;}            
    
    
       TypeName: Microsoft.PowerShell.Commands.Internal.Format.GroupStartData
    
    Name                                    MemberType Definition                                                                                                                                                                           
    ----                                    ---------- ----------                                                                                                                                                                           
    Equals                                  Method     bool Equals(System.Object obj)                                                                                                                                                       
    GetHashCode                             Method     int GetHashCode()                                                                                                                                                                    
    GetType                                 Method     type GetType()                                                                                                                                                                       
    ToString                                Method     string ToString()                                                                                                                                                                    
    ClassId2e4f51ef21dd47e99d3c952918aff9cd Property   string ClassId2e4f51ef21dd47e99d3c952918aff9cd {get;}                                                                                                                                
    groupingEntry                           Property   Microsoft.PowerShell.Commands.Internal.Format.GroupingEntry, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 groupingEntry {get;set;}
    shapeInfo                               Property   Microsoft.PowerShell.Commands.Internal.Format.ShapeInfo, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 shapeInfo {get;set;}        
    
    
       TypeName: Microsoft.PowerShell.Commands.Internal.Format.FormatEntryData
    
    Name                                    MemberType Definition                                                                                                                                                                               
    ----                                    ---------- ----------                                                                                                                                                                               
    Equals                                  Method     bool Equals(System.Object obj)                                                                                                                                                           
    GetHashCode                             Method     int GetHashCode()                                                                                                                                                                        
    GetType                                 Method     type GetType()                                                                                                                                                                           
    ToString                                Method     string ToString()                                                                                                                                                                        
    ClassId2e4f51ef21dd47e99d3c952918aff9cd Property   string ClassId2e4f51ef21dd47e99d3c952918aff9cd {get;}                                                                                                                                    
    formatEntryInfo                         Property   Microsoft.PowerShell.Commands.Internal.Format.FormatEntryInfo, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 formatEntryInfo {get;set;}
    outOfBand                               Property   bool outOfBand {get;set;}                                                                                                                                                                
    writeStream                             Property   Microsoft.PowerShell.Commands.Internal.Format.WriteStreamType, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 writeStream {get;set;}    
    
    
       TypeName: Microsoft.PowerShell.Commands.Internal.Format.GroupEndData
    
    Name                                    MemberType Definition                                                                                                                                                                           
    ----                                    ---------- ----------                                                                                                                                                                           
    Equals                                  Method     bool Equals(System.Object obj)                                                                                                                                                       
    GetHashCode                             Method     int GetHashCode()                                                                                                                                                                    
    GetType                                 Method     type GetType()                                                                                                                                                                       
    ToString                                Method     string ToString()                                                                                                                                                                    
    ClassId2e4f51ef21dd47e99d3c952918aff9cd Property   string ClassId2e4f51ef21dd47e99d3c952918aff9cd {get;}                                                                                                                                
    groupingEntry                           Property   Microsoft.PowerShell.Commands.Internal.Format.GroupingEntry, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 groupingEntry {get;set;}
    
    
       TypeName: Microsoft.PowerShell.Commands.Internal.Format.FormatEndData
    
    Name                                    MemberType Definition                                                                                                                                                                           
    ----                                    ---------- ----------                                                                                                                                                                           
    Equals                                  Method     bool Equals(System.Object obj)                                                                                                                                                       
    GetHashCode                             Method     int GetHashCode()                                                                                                                                                                    
    GetType                                 Method     type GetType()                                                                                                                                                                       
    ToString                                Method     string ToString()                                                                                                                                                                    
    ClassId2e4f51ef21dd47e99d3c952918aff9cd Property   string ClassId2e4f51ef21dd47e99d3c952918aff9cd {get;}                                                                                                                                
    groupingEntry                           Property   Microsoft.PowerShell.Commands.Internal.Format.GroupingEntry, System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 groupingEntry {get;set;}
    
  • #55705
    Profile photo of Anthony Regnier
    Anthony Regnier
    Participant

    I've got another issue now...
    I can't use Export-Csv and Out-File won't give me a nice view either...

    Here my code:

    Function Get-BloombergUsage {
        
        $End_Date = Get-Date
        $EventParams = @{
    		LogName = 'Security'
    		EntryType = 'SuccessAudit'
    		InstanceID = 4688,4689
    		Before = $End_Date
    		#After = $Start_Date
    		Message = "*blpcbbap.exe*"
        }
        
        $Events = Get-EventLog @EventParams
    	$GroupByProcessID = $Events | Group-Object {  $_.ReplacementStrings[$_.InstanceId - 4684] }
    
        Foreach ($processID in $GroupByProcessID) {
    	    $Started_TimeEvent = $processID.Group | Where-Object { $_.InstanceId -eq 4688 }
    	    $Ended_TimeEvent = $processID.Group | Where-Object { $_.InstanceId -eq 4689 }
            $AverageUsage = New-TimeSpan -End $Ended_TimeEvent.TimeGenerated -Start $Started_TimeEvent.TimeGenerated
            
            New-Object PsObject -Property ([ordered]@{
                'Computer Name'=Hostname;
                'Application'='Bloomberg';
                'Started Time'=$Started_TimeEvent.TimeGenerated;
                'Ended Time'=$Ended_TimeEvent.TimeGenerated;
                'Usage'=$AverageUsage
            }) | FT -AutoSize
        }
    }
    
    Get-BloombergUsage
    

    Here is the output of my script:

    
    Computer Name Application Started Time          Ended Time            Usage   
    ------------- ----------- ------------          ----------            -----   
    GVA-GUEST-02  Bloomberg   10/21/2016 4:13:10 PM 10/21/2016 4:13:33 PM 00:00:23
    
    

    I piped to to GM to see but i get this:

    TypeName: Microsoft.PowerShell.Commands.Internal.Format.GroupStartData

  • #55717
    Profile photo of Rob Simmers
    Rob Simmers
    Participant

    Powershell Gotcha. Check out the Ebooks link above for more details, but Format-Table (FT) kills the pipeline. Remove the following:

    | FT -AutoSize
    
    • #55781
      Profile photo of Anthony Regnier
      Anthony Regnier
      Participant

      Hey folks,

      Yes i know FT won't work with CSV, that's why i tried using out-files...

      Problem is, if I remove the FT -Autosize, it transforms my output in raws unless i remove one column.

      For example, my output gave me first 3 columns (Computer name, Started time, ended time).
      I then added as the 4th column, the New-TimeSpan to calculate the time difference between the ended time and started time, and the output got changed from columns to lines, unless i use FT -Autosize...

    • #55786
      Profile photo of Olaf Soyk
      Olaf Soyk
      Participant

      Until up to 4 properties the console always shows as table. If it's more it will be a list unless you specify something different. But that's only the standard behaviour in the console. If you use Export-CSV it will always be in columns no matter how many properties you specify.

  • #55831
    Profile photo of Anthony Regnier
    Anthony Regnier
    Participant

    It works !

    Thanks to all of you I learned so much.

You must be logged in to reply to this topic.