Powershell-如何处理未加时间戳的日志文件条目,包括空行 [英] Powershell - how to handle non timestamped log file entries, including blank lines
本文介绍了Powershell-如何处理未加时间戳的日志文件条目,包括空行的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我问了一个有关如何根据开始和结束时间戳记从日志文件中提取数据的问题,最近我得到了很好的快速解答,有关详细信息,请参阅此问题/帖子.
I asked a question about how to extract data from a log file based on a start and end timestamp, recently which I got a great and quick answer for, see this question / post for details.
但是,我现在发现我要解决的问题,因为我要处理/查询的日志文件的每一行都没有时间戳记条目,实际上有些行是空白的,跨多行的XML条目.
However, I now find I have an issue in what I am trying to acheive as the log files I am handling / querying do not have a time stamp entry on every line, and in fact some lines are blank and there are also XML entries that are split across multiple lines.
此处显示了简短的摘录,以尝试说明我要处理的日志文件数据:
A brief santised extract is shown here to try and show an idea of the log file data I am trying to handle:
1600 00:06:45 CMD1: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
OUTBOUND XML STRING RESULT OF TRANSFORMATION:
<?xml version="1.0"?>
<TgwGiMessage version="1.0">
<ShortDataTransmitRequest>
<SourceITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
<DestinationAddress>
<DestinationITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
</DestinationAddress>
<DeliveryConfirmation>1</DeliveryConfirmation>
<MessageText>XML Text Message</MessageText>
</ShortDataTransmitRequest>
</TgwGiMessage>
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
2138 00:06:45 01-BASICDT::HS: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1e0c 00:06:45 IOM WRITE: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
APD OUTBOUND XML STRING RESULT OF TRANSFORMATION:
上一个问题/帖子为我提供了一种解决方案,只要该日志文件条目具有时间戳记,我就需要能够为该日志文件标识和输出数据.
The previous question / post has given me the solution I need to be able to identify and output data for the log files so long as the log file entry has a time stamp.
如果日志文件条目没有时间戳,那么当脚本尝试处理以下行时,我会报告错误:
If the log file entry doesn't have a time stamp I get errors reported when the script tries to process these lines:
Index was outside the bounds of the array.
At line:9 char:5
+ if ($parts[1] -ge $StartTime -and $parts[1] -le $EndTime) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], IndexOutOfRangeException
+ FullyQualifiedErrorId : System.IndexOutOfRangeException
这是显而易见的,因为不能分割空白行,而没有时间戳的空白行即使可以分割也不能满足我对作为时间戳进行测试的要求.
This is obvioulsy due to the fact that the blank lines can't be split, and those without a timestamp, even if they can be split don't meet my requirement for testing as timestamps.
有人可以建议我如何读取日志文件并在两个时间戳之间输出日志文件中的所有条目.
Could someone suggest how I could approach reading through the log files and outputing all entries from the log file between 2 time stamps.
我不是编码员,只是管理员黑客,所以我正在努力锻炼如何解决问题.
I'm not a coder, just an admin hacker really so I am struggling to workout how to approach the issue.
我很乐于尝试任何事情,但是,如果能提供任何使我了解如何最好地解决此问题的想法,将不胜感激.
I'm more than happy to give anythng a try, but any input to give me an idea of how best to try and tackle this would be most appreciated.
更新-PSGuy,在您上次更新之后,我进行了一些尝试,以确定为什么将脚本应用于实时日志文件时,为什么我没有得到所需的结果.
UPDATE - PSGuy, following your last update I have played around a little to try and ascertain why I am not getting the required result when applying your script to my live logfile.
我创建了一个稍长一些的日志文件示例,以运行ExampleLogfile.log,如下所示,这给出了几行内容,试图提取日志的确切内容,包括XML行.
I have created a slightly longer log file example to run against, ExampleLogfile.log as shown below, this gives a few lines where I am trying to extract the exact content of the log, including the XML lines.
1600 00:06:45 CMD1: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:06:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:07:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:07:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:07:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:07:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
OUTBOUND XML STRING RESULT OF TRANSFORMATION:
<?xml version="1.0"?>
<TgwGiMessage version="1.0">
<ShortDataTransmitRequest>
<SourceITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
<DestinationAddress>
<DestinationITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
</DestinationAddress>
<DeliveryConfirmation>1</DeliveryConfirmation>
<MessageText>XML Text Message</MessageText>
</ShortDataTransmitRequest>
</TgwGiMessage>
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
2138 00:08:45 01-BASICDT::HS: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1e0c 00:09:45 IOM WRITE: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
APD OUTBOUND XML STRING RESULT OF TRANSFORMATION:
1600 00:10:45 CMD1: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
OUTBOUND XML STRING RESULT OF TRANSFORMATION:
<?xml version="1.0"?>
<TgwGiMessage version="1.0">
<ShortDataTransmitRequest>
<SourceITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
<DestinationAddress>
<DestinationITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
</DestinationAddress>
<DeliveryConfirmation>1</DeliveryConfirmation>
<MessageText>XML Text Message</MessageText>
</ShortDataTransmitRequest>
</TgwGiMessage>
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
2138 00:13:45 01-BASICDT::HS: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:13:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1e0c 00:13:45 IOM WRITE: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:13:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:14:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:14:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
APD OUTBOUND XML STRING RESULT OF TRANSFORMATION:
1600 00:14:45 CMD1: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:14:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:15:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:15:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:15:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:15:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:16:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:16:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:16:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:16:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
OUTBOUND XML STRING RESULT OF TRANSFORMATION:
<?xml version="1.0"?>
<TgwGiMessage version="1.0">
<ShortDataTransmitRequest>
<SourceITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
<DestinationAddress>
<DestinationITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
</DestinationAddress>
<DeliveryConfirmation>1</DeliveryConfirmation>
<MessageText>XML Text Message</MessageText>
</ShortDataTransmitRequest>
</TgwGiMessage>
16e8 00:17:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
2138 00:17:45 01-BASICDT::HS: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:17:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1e0c 00:17:45 IOM WRITE: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:18:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:18:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:18:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
APD OUTBOUND XML STRING RESULT OF TRANSFORMATION:
然后我如下编辑了您的代码,以从00:08:45提取5分钟的日志记录
I have then edited your code as below, to extract a 5 minute section of log from 00:08:45
$file = Get-Content "c:\temp\ExampleLogfile.log"
# create your text pattern for regex matches here
$myPattern = "\d{1,2}\:\d{1,2}\:\d{1,2}"
# what time boundaries do you want to check?
$tempTime = "00:08:45"
$lowerBound = [DateTime]::Parse($tempTime)
$upperBound = $lowerBound.AddMinutes(5)
# tempTime can use any System.DateTime static method once
# you have a date time, and should ideally be an input parameter
# lowerBound should also be an input parameter
# this could also be a for, do / while, or for each
# loop through the file until we reach the end
for ($i = 0; $i -le $file.GetUpperBound(""); $i++)
{
# this will loop until we reach the last line
if ($file[$i] -match $myPattern)
{
$time = $file[$i].Split(' ')[1]
if ([DateTime]::Parse($time) -ge $lowerBound -and [DateTime]::Parse($time) -le $upperBound)
{
$file[$i] # this will print to a console
# using the Tee-Object cmdlet will output it to the console
# and a file, which could be useful for developers and you
}
}
}
产生了以下输出:
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
2138 00:08:45 01-BASICDT::HS: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1e0c 00:09:45 IOM WRITE: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1600 00:10:45 CMD1: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
2138 00:13:45 01-BASICDT::HS: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:13:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1e0c 00:13:45 IOM WRITE: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:13:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
因此它以分钟数($ upperBound = $ lowerBound.AddMinutes(5))从开始时间($ tempTime ="00:08:45")给了我所有带时间戳的行,但没有输出XML或其他无时间戳的行.当使用上面的ExampleLogfile.log时,我试图实现以下输出:
So it gave me all the timestamped lines from the start time ($tempTime = "00:08:45") for the number of minutes ($upperBound = $lowerBound.AddMinutes(5)) but it did not output the XML or other non timestamped lines. When using the above ExampleLogfile.log I was trying to acheive the following being output:
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
OUTBOUND XML STRING RESULT OF TRANSFORMATION:
<?xml version="1.0"?>
<TgwGiMessage version="1.0">
<ShortDataTransmitRequest>
<SourceITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
<DestinationAddress>
<DestinationITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
</DestinationAddress>
<DeliveryConfirmation>1</DeliveryConfirmation>
<MessageText>XML Text Message</MessageText>
</ShortDataTransmitRequest>
</TgwGiMessage>
16e8 00:08:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
2138 00:08:45 01-BASICDT::HS: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1e0c 00:09:45 IOM WRITE: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:09:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
APD OUTBOUND XML STRING RESULT OF TRANSFORMATION:
1600 00:10:45 CMD1: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:10:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:11:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
OUTBOUND XML STRING RESULT OF TRANSFORMATION:
<?xml version="1.0"?>
<TgwGiMessage version="1.0">
<ShortDataTransmitRequest>
<SourceITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
<DestinationAddress>
<DestinationITSI SSI="XXXXXXX" EXT="0" CPTI="0" SNA="0"/>
</DestinationAddress>
<DeliveryConfirmation>1</DeliveryConfirmation>
<MessageText>XML Text Message</MessageText>
</ShortDataTransmitRequest>
</TgwGiMessage>
16e8 00:12:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
2138 00:13:45 01-BASICDT::HS: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:13:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
1e0c 00:13:45 IOM WRITE: Standard log file entry: Standard log file entry: Standard log file entry:
16e8 00:13:45 CL: Standard log file entry: Standard log file entry: Standard log file entry:
我在这里做错什么了吗?这听起来像是一个简单的要求,但我正在为此而苦苦挣扎.
Am I doing something wrong here? This sounds like a simple requirement but I'm struggling with this one.
推荐答案
我已更新代码,看到了上面的错误...不确定是否看到注释,所以再次出现:
I updated the code having seen the error above... Not sure if you saw the comment, so here it is again:
$file = Get-Content MyFile.log
# create your text pattern for regex matches here
$myPattern = "\d{1,2}\:\d{1,2}\:\d{1,2}"
# what time boundaries do you want to check?
$tempTime = "00:06:40"
$lowerBound = [DateTime]::Parse($tempTime)
$upperBound = $lowerBound.AddMinutes(30)
# tempTime can use any System.DateTime static method once
# you have a date time, and should ideally be an input parameter
# lowerBound should also be an input parameter
# this could also be a for, do / while, or for each
# loop through the file until we reach the end
for ($i = 0; $i -le $file.GetUpperBound(""); $i++)
{
# this will loop until we reach the last line
if ($file[$i] -match $myPattern)
{
$time = $file[$i].Split(' ')[1]
if ([DateTime]::Parse($time) -ge $lowerBound -and [DateTime]::Parse($time) -le $upperBound)
{
$file[$i] # this will print to a console
# using the Tee-Object cmdlet will output it to the console
# and a file, which could be useful for developers and you
}
}
}
这篇关于Powershell-如何处理未加时间戳的日志文件条目,包括空行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
