# Select-String & RegEx

This topic contains 3 replies, has 4 voices, and was last updated by  random commandline 3 months, 3 weeks ago.

• Author
Posts
• #54720

Johnny Leuthard
Participant

I'm having a problem with RegEx. Every time I think I have it down the parameters of what i need to do change and I'm reminded how much RegEx can hurt your brain!

What I am currently trying to do is extract a certain string of an unknown length from a big text file. It's an event security log from a 3rd party to be exact. for most (if not all) I know the text before and after my string. Here is an example of what I need to look for

From that string I need to extract SourceUserName That will change for each line.

I have multiple logs that i need to parse through and for the most part know the beginning and ending string.
Can anybody help with the RegEx search OR if there is a suggestion on a better way to do this i am open.

• #54723

Olaf Soyk
Participant

The regex is the easiest part I think:

'Subject.Account_Name: SourceUserName Subject.Account_Domain: CORP' -match 'Subject\.Account_Name:\s+(.+)\s+Subject\.Account_Domain:\s+CORP'
$Matches[1] For the rest you should do a foreach loop and do whatever you need to do with the results. If you have some trouble with your code you can come back and we're gona help you. 😉 • #54724 BrandonB Participant Something akin to:  ls c:\temp\searchfolder -recurse | Select-String "google" | Select Path, LineNumber | Format-List OR$Regex = "\b\D*([\d]{1,}).*\b"

Perhaps this may help? RegEx Searches I'm no expert but I seen the question figured I'd try run through some oddball searches of google in hopes of helping.

• #54727

random commandline
Participant

I recommend using the switch statement as it can be more efficient compared to Get-Content depending on the size and number of log files.

$logs = Get-ChildItem \path\to\logfiles\logs*$strings = foreach ($log in$logs){
switch -Regex -File $log{ 'Account_Name: (.*) Subject' {$Matches[1]}
}}
\$strings


You must be logged in to reply to this topic.