0

I try to parse a log file and output a formatted result.
The result file is created but it's empty after running the script.

Source log file:

2011-07-08 14:34:40.609 Ber   8 [R:   1] Http ->   GET http://test.com:80/api/test?__crd=78F5WE6WE
2011-08-08 12:34:51.202 Inf   9 [R:   1] Http <~   GET http://TEST.com:80/api/gs?__crid=7B9790431B8 [304 Not Modified] [11.774 ms]
2011-08-08 15:38:52.166 War   8 [R:  33] [Excn][Type:Api][Err:300][HTTPStatus:NotFound][Message:PCNDLS_. ISE Account : 111][CorrId:hvukyhv78r5564]

out format

Write-Host 'Hello! My Name is test  !'

$Files = Get-ChildItem  C:\log\1\* -Include *.log 

New-Item -ItemType file -Path C:\log\result.txt –Force

foreach ($File in $Files)
{
    $StringMatch = $null
    $StringMatch = select-string $File -pattern  "[Exception]|[304 Not Modified]"
    if ($StringMatch) {out-file -filepath C:\log\result.txt -inputobject $StringMatch }

    $regex = 'Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)'
    [regex]::Matches($StringMatch, $regex) | ForEach-Object {
        [PsCustomObject]@{
            ID = $_.Groups[1].Value
            Time = $_.Groups[2].Value
            Status = $_.Groups[3].Value
            URL = $_.Groups[4].Value
            Message = $_.Groups[5].Value
        }
    }
}
Improve this question
6
  • "[Exception]|[304 Not Modified]" is a wrong regex to use because [] have special meaning, so they should be escaped: "\[Exception\]|\[304 Not Modified\]" And you overwrite the results in each iteration: might wanna use -Append switch... Anyway, debug the script in PowerShell ISE by setting a breakpoint and then step through the code, inspect the variables. Commented Oct 26, 2016 at 7:16
  • Your source log says 305 not modified but your code looks for 304 not modified. foreach (){} doesn't output to the pipeline - you throw the output away. Your code looks for one line in the log, but your desired output needs crd information from the previous line, and HTTPStatus and Message from the subsequent line, you will need to use Select-String -Context and read the .Context property of the MatchInfo objects it generates. Commented Oct 26, 2016 at 7:21
  • @ wOxxOm thank, but not help this(( Commented Oct 26, 2016 at 7:21
  • @ TessellatingHeckler thank, but not help((i update question Commented Oct 26, 2016 at 7:23
  • You should debug the code. Commented Oct 26, 2016 at 7:24

1 Answer 1

Reset to default
1

I think there is an issue with your search pattern, but generally you seem to be fighting against the natural Powershell way of doing things. If you use the pipeline approach you will make your life a lot easier. Try the example below:

$regex = 'Line\s+(\d+):\s+([^;]+);([^;]+);([^;]+);(.+)'
$pat = "\[Exception\]|\[304 Not Modified\]"
$path = "C:\log\1\*.log"
$file = "C:\log\result.txt"

Remove-Item $file -ErrorAction SilentlyContinue
Get-ChildItem $path | Select-String -Pattern $pat | Select -ExpandProperty line | % {
    $_ | Add-Content $file
    # Add code to create object here
}

Or id you don't need the object you could just do this:

 Get-ChildItem $path | Select-String -Pattern $pat | Select -ExpandProperty line | Add-Content $file
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

and how add filter?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.