Parse LOG File by Date Range


This topic contains 7 replies, has 4 voices, and was last updated 3 years, 3 months ago.

  • #32158

    Participant
    Points: 0
    Rank: Member

    Hello

    I am trying to parse a log file for entries within the last 24 hours and keep getting an error.

    Here is a sample line from the log (chocolatey):

    2015-10-20 22:29:51,313 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".

    Here is the error I am getting:
    Exception calling "ParseExact" with "3" argument(s): "String was not recognized
    as a valid DateTime."

    Here is the code I am using.

     
    
    $FilePath = "C:\ProgramData\chocolatey\logs\chocolatey.log"
    $Strings = '[ERROR] -'
    
    
    $data = Get-Content $filepath # logfile path
    
    write-host '------------------------------------------------------'
    write-host '------------------------------------------------------'
    write-host Total lines read from file $data.count # printing stats of
    write-host '------------------------------------------------------'
    
    $match_string = ''
    $IsMatchingRecordFound = ''
    # looping through all lines
    foreach ($line in $data)
    {    
        # extracting the timestamp text and converting it to a DateTime
        [DateTime]$date = [DateTime]::ParseExact($line.substring(1, 21), "MMddyyyy-HH:mm:ss:fff", (New-Object System.Globalization.CultureInfo "en-US"))
        
        # comparing the date with start and end
        if (($date -gt $StartDate) -and ($date -lt $EndDate)) 
        {            
            #matching string and array from file data
            $match_string =   $line | Select-String -Pattern $Strings -SimpleMatch 
            $match_string
            if([string]::IsNullOrEmpty($match_string)) 
            {                                       
            } 
            else 
            {            
                    $IsMatchingRecordFound="Yes"            
            }
        } 
        $match_string=''
    } 
    
    
    
    IF([string]::IsNullOrEmpty($IsMatchingRecordFound)) 
    {                                       
        write-host 'No Records Found.'
    }
    
    
  • #32159

    Participant
    Points: 21
    Rank: Member

    String was not recognized as a valid DateTime.

    Check to see if there is a difference between these two.

    ([datetime]$startdate).gettype()

    ($startdate).gettype()

  • #32160

    Participant
    Points: 21
    Rank: Member

    I also don't see anywhere $startdate is declared in this script.

  • #32165

    Participant
    Points: 2
    Rank: Member

    Check your variables.
    After you get that error, type each variable in the console and see what they return.

    $date
    $startdate
    $enddate

  • #32166

    Participant
    Points: 0
    Rank: Member

    You're right, sorry, I left that part out.

     
    $StartDate = (Get-Date -Hour 0 -Minute 0 -Second 0 -Millisecond 0)
    $EndDate = (Get-Date -Hour 23 -Minute 59 -Second 59 -Millisecond 999)
    

    No errors are generated from the variables.

  • #32167

    Participant
    Points: 0
    Rank: Member

    Here is what I am getting from ($startdate).gettype():

    IsPublic IsSerial Name     BaseType
    -------- -------- ----     --------
    True     True     DateTime System.ValueType

  • #32168

    Participant
    Points: 1
    Rank: Member

    First, your substring is not getting all of the Date information based on your sample:

    $line = '2015-10-20 22:29:51,313 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    $line.substring(1, 21)
    

    Results:
    015-10-20 22:29:51,31

    You need to adjust your substring to get all, and just the date value.

    $line = '2015-10-20 22:29:51,313 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    $line.substring(0, 19)
    

    Results:
    2015-10-20 22:29:51

    Or you may want to use -split and just get the value before the first comma like this, just in case the date value uses single digits at times, such as 2015-5-20 22:29:51. You would have to add additional code to dynamically adjust the length for substring in this case. Using -split, no dynamic length needs to be calculated.

    $line = '2015-10-20 22:29:51,313 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    ($line -split ',')[0]
    

    Results:
    2015-10-20 22:29:51

    Then, instead of using ParseExact, you can use Get-Date.

    $line = '2015-10-20 22:29:51,313 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    $date = Get-Date ($line -split ',')[0]
    $date
    $date.GetType().Name
    

    Results:
    Tuesday, October 20, 2015 10:29:51 PM
    DateTime
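
A date-range filter over the chocolatey.log line layout quoted in this thread, as an added example that is not part of any participant's post. It parses the full `yyyy-MM-dd HH:mm:ss,fff` prefix with `TryParseExact`, so lines without a leading timestamp (wrapped messages, stack traces) do not throw and are attached to the entry they follow. The function name `Select-LogEntryByDate` and the sample lines are constructed for illustration.

```powershell
# Constructed sample lines in the chocolatey.log layout shown in the thread.
$sample = @(
    '2015-10-20 22:29:51,313 [DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    '2015-10-20 22:30:02,120 [ERROR] - Constructed sample error message.'
    '   at Constructed.Continuation.Line()'
    '2015-10-19 08:00:00,001 [ERROR] - Constructed sample error outside the window.'
    '2015-10-20 23:10:44,907 [INFO ] - Constructed sample info message.'
)

# Hypothetical helper (not from the thread): returns entries of one level inside a time window.
function Select-LogEntryByDate {
    param(
        [Parameter(Mandatory)][string[]]$Line,
        [Parameter(Mandatory)][datetime]$StartDate,
        [Parameter(Mandatory)][datetime]$EndDate,
        [string]$Level = 'ERROR'
    )
    $format  = 'yyyy-MM-dd HH:mm:ss,fff'   # matches "2015-10-20 22:29:51,313"
    $width   = 23                          # fixed width of that timestamp prefix
    $culture = [Globalization.CultureInfo]::InvariantCulture
    $style   = [Globalization.DateTimeStyles]::None
    $current = $null                       # entry currently being assembled

    foreach ($l in $Line) {
        $stamp = [datetime]::MinValue
        # TryParseExact returns $false instead of throwing on non-timestamp lines
        if ($l.Length -ge $width -and
            [datetime]::TryParseExact($l.Substring(0, $width), $format, $culture, $style, [ref]$stamp)) {
            if ($current) { $current }     # emit the previous finished entry
            $current = $null
            if ($stamp -ge $StartDate -and $stamp -le $EndDate -and $l.Contains("[$Level]")) {
                $current = [pscustomobject]@{ Time = $stamp; Text = $l }
            }
        }
        elseif ($current) {
            # No leading timestamp: continuation of the entry that was kept
            $current.Text += "`n$l"
        }
    }
    if ($current) { $current }
}

# Window pinned to the sample day so the run is reproducible;
# for "last 24 hours" pass (Get-Date).AddHours(-24) and (Get-Date) instead.
$start = [datetime]'2015-10-20'
$end   = $start.AddDays(1).AddTicks(-1)
Select-LogEntryByDate -Line $sample -StartDate $start -EndDate $end | Format-List
```

To run it against the real file, pass `(Get-Content $FilePath)` as `-Line`.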

  • #32171

    Participant
    Points: 0
    Rank: Member

    OK, thanks. I will make the changes and let you know.

The topic ‘Parse LOG File by Date Range’ is closed to new replies.
