Parse LOG File by Date Range

This topic contains 7 replies, has 4 voices, and was last updated by Profile photo of H Man H Man 1 year, 8 months ago.

  • Author
    Posts
  • #32158
    Profile photo of H Man
    H Man
    Participant

    Hello

    I am trying to parse a log file for entries with in the last 24 hours an keep getting an error.

    heres is a smaple line form the log (chocolatey) :

    2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocol
    atey\.chocolatey\teamviewer.10.0.43174\.sxs".

    here is the error I am getting:
    Exception calling "ParseExact" with "3" argument(s): "String was not recognized
    as a valid DateTime."

    here i sthe code I am using.

     
    
    $FilePath = "C:\ProgramData\chocolatey\logs\chocolatey.log"
    $Strings = '[ERROR] -'
    
    
    $data = Get-Content $filepath # logfile path
    
    write-host '------------------------------------------------------'
    write-host '------------------------------------------------------'
    write-host Total lines read from file $data.count # printing stats of
    write-host '------------------------------------------------------'
    
    $match_string = ''
    $IsMatchingRecordFound = ''
    #looping throgh all lines
    foreach ($line in $data)
    {    
        #fetching date and converting into string format
        [DateTime]$date = [DateTime]::ParseExact($line.substring(1, 21), "MMddyyyy-HH:mm:ss:fff", (New-Object System.Globalization.CultureInfo "en-US"))
        
        #comparing date date with start and end 
        if (($date -gt $StartDate) -and ($date -lt $EndDate)) 
        {            
            #matching string and array from file data
            $match_string =   $line | Select-String -Pattern $Strings -SimpleMatch 
            $match_string
            if([string]::IsNullOrEmpty($match_string)) 
            {                                       
            } 
            else 
            {            
                    $IsMatchingRecordFound="Yes"            
            }
        } 
        $match_string=''
    } 
    
    
    
    IF([string]::IsNullOrEmpty($IsMatchingRecordFound)) 
    {                                       
        write-host 'No Records Found.'
    }
    
    
  • #32159
    Profile photo of Dan Potter
    Dan Potter
    Participant

    String was not recognized as a valid DateTime.

    check to see if there is a difference between these two.

    ([datetime]$startdate).gettype()

    ($startdate).gettype()

  • #32160
    Profile photo of Dan Potter
    Dan Potter
    Participant

    I also don't see anywhere $startdate is declared in this script.

  • #32165
    Profile photo of Mark Hammonds
    Mark Hammonds
    Participant

    check your variables
    after you get that error type each variable in the console and see what they return..

    $date
    $startdate
    $enddate

  • #32166
    Profile photo of H Man
    H Man
    Participant

    your right sorry I left that part out

     
     $StartDate = (Get-Date -Hour 0 -Minute 0 -Second 0 -Millisecond 0)
    
      $EndDate = (Get-Date -Hour 23 -Minute 59 -Second 59 -Millisecond 999)
    

    no errors are generated from the variables

  • #32167
    Profile photo of H Man
    H Man
    Participant

    here is what I am getting from ($startdate).gettype()

    IsPublic IsSerial Name BaseType
    ——– ——– —- ——–
    True True DateTime System.ValueType

  • #32168
    Profile photo of Curtis Smith
    Curtis Smith
    Participant

    First, your substring is not getting all of the Date information based on your sample:

    $line = '2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    $line.substring(1, 21)
    

    Results:
    015-10-20 22:29:51,31

    You need to adjust your substring to get all, and just the date value.

    $line = '2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    $line.substring(0, 19)
    

    Results:
    2015-10-20 22:29:51

    Or you may want to use -split and just get the value before the first comma like this. Just in case the date value uses single digits at times such as 2015-5-20 22:29:51. You would have to add additional code to dynamically adjust the length for substring in this case. Using -split no dynamic length needs to be calculated.

    $line = '2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    ($line -split ',')[0]
    

    Results:
    2015-10-20 22:29:51

    Then instead of using ParseExact you can use Get-Date

    $line = '2015-10-20 22:29:51,313 [DEBUG] – Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\teamviewer.10.0.43174\.sxs".'
    $date = Get-Date ($line -split ',')[0]
    $date
    $date.GetType().Name
    

    Results:
    Tuesday, October 20, 2015 10:29:51 PM
    DateTime

  • #32171
    Profile photo of H Man
    H Man
    Participant

    ok Thanks I will make the changes and let you know

You must be logged in to reply to this topic.