Select-String & RegEx

This topic contains 3 replies, has 4 voices, and was last updated by random commandline 3 weeks, 3 days ago.

  • Author
  • #54720
    Johnny Leuthard

    I'm having a problem with RegEx. Every time I think I have it down, the parameters of what I need to do change, and I'm reminded how much RegEx can hurt your brain!

    What I am currently trying to do is extract a certain string of an unknown length from a big text file. It's an event security log from a 3rd party, to be exact. For most (if not all), I know the text before and after my string. Here is an example of what I need to look for:
    Subject.Account_Name: SourceUserName Subject.Account_Domain: CORP

    From that string I need to extract SourceUserName. That will change for each line.

    I have multiple logs that I need to parse through and for the most part know the beginning and ending string.
    Can anybody help with the RegEx search? Or, if there is a suggestion on a better way to do this, I am open.

  • #54723
    Olaf Soyk

    The regex is the easiest part I think:

    'Subject.Account_Name: SourceUserName Subject.Account_Domain: CORP' -match 'Subject\.Account_Name:\s+(.+)\s+Subject\.Account_Domain:\s+CORP'

    For the rest you should do a foreach loop and do whatever you need to do with the results.
    If you have some trouble with your code you can come back and we're gonna help you. 😉

  • #54724
    BrandonB

    Something akin to:

     ls c:\temp\searchfolder -recurse | Select-String "google" | Select Path, LineNumber | Format-List

    OR

     $Regex = "\b\D*([\d]{1,}).*\b"

    Perhaps this may help? RegEx Searches. I'm no expert, but I saw the question and figured I'd try to run through some oddball searches of Google in hopes of helping.

  • #54727
    random commandline

    I recommend using the switch statement as it can be more efficient compared to Get-Content depending on the size and number of log files.

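    # Collect the log files (placeholder path)
    $logs = Get-ChildItem \path\to\logfiles\logs*
    $strings = foreach ($log in $logs) {
        # switch -File reads the file line by line and tests each line against the pattern
        switch -Regex -File $log.FullName {
            'Account_Name: (.*) Subject' { $Matches[1] }
        }
    }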
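
The thread's approach generalized to any known "before" and "after" text, as an added example that is not code from any poster in this thread. The function name `Get-TextBetween`, its parameters, and the sample lines (including the `Subject.Logon_ID` field) are constructed for illustration.

```powershell
# Added example: extract the text between two known literal delimiters.
# Get-TextBetween and its parameter names are hypothetical, not a built-in cmdlet.
function Get-TextBetween {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]                      # log files can contain blank lines
        [string]$Line,
        [Parameter(Mandatory)][string]$Before,    # literal text that precedes the value
        [Parameter(Mandatory)][string]$After      # literal text that follows the value
    )
    begin {
        # Escape the delimiters so the '.' in 'Subject.Account_Name' is literal,
        # and use a lazy quantifier (.+?) so the capture stops at the first $After.
        $pattern = '{0}\s*(?<value>.+?)\s*{1}' -f [regex]::Escape($Before), [regex]::Escape($After)
        $regex   = [regex]::new($pattern)
    }
    process {
        foreach ($m in $regex.Matches($Line)) {
            $m.Groups['value'].Value
        }
    }
}

# Constructed sample lines in the format shown in the question.
$sample = @(
    'Subject.Account_Name: jdoe Subject.Account_Domain: CORP'
    'Subject.Account_Name: svc backup Subject.Account_Domain: CORP Subject.Logon_ID: 0x3e7'
    'Object.Name: C:\temp\file.txt'   # neither delimiter present
)

# Lazy match: one account name per matching line, nothing for the third line.
$sample | Get-TextBetween -Before 'Subject.Account_Name:' -After 'Subject.Account_Domain:'

# For comparison: a greedy (.*) runs to the LAST ' Subject' on the line,
# so on the second sample line it captures more than the account name.
if ($sample[1] -match 'Account_Name: (.*) Subject') { $Matches[1] }
```

To run it over real files, pipe `Get-Content` output into the function with the delimiters that apply to each log format.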
