Re: How to sort a comma delimited text file?
- From: "Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 25 Jan 2006 15:19:30 -0600
Per Hagstrom wrote:
> Trying to make a script that takes 4 different event log files, and create
> one summary log file, with all the events sorted by date.
>
> Any suggestions?
>
> TIA!
>
> / Per
>
> ps. To simplify, lets say we have 4 columns, DATE/TIME, EVENT, SOURCE,
> DEST and logfiles, Log1, Log2, Log3, Log4.
>
Hi,
If you mean the Windows Event logs, these are not comma delimited files. You
use the Win32_NTLogEvent class of WMI to read the logs. These logs are huge
and it can take awhile just to read them. A quick example to output all log
entries (except the security event log) entered on 1/24/2006:
==================
Dim strComputer, objWMIService, colLoggedEvents, objEvent
Dim dtmStart, dtmEnd
' Specify time in UTC. The -360 is the time zone offset.
dtmStart = "20060124000000.000000-360"
dtmEnd = "20060125000000.000000-360"
' Specify computer. "." is the local machine.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer _
& "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTLogEvent WHERE TimeWritten >= '" _
& dtmStart & "' AND TimeWritten < '" & dtmEnd & "'")
For Each objEvent In colLoggedEvents
Wscript.Echo objEvent.TimeWritten & "," & objEvent.EventCode _
& "," & objEvent.SourceName
Next
===================
The most efficient way to sort is to use a disconnected recordset. The same
example but sorting by TimeWritten could be:
======================
Const adVarChar = 200
Const MaxCharacters = 255
dtmStart = "20060124000000.000000-360"
dtmEnd = "20060125000000.000000-360"
strComputer = "."
' Setup disconnected recordset with 3 fields.
Set objDataList = CreateObject("ADODB.RecordSet")
objDataList.Fields.Append "Date", adVarChar, MaxCharacters
objDataList.Fields.Append "Event", adVarChar, MaxCharacters
objDataList.Fields.Append "Source", adVarChar, MaxCharacters
objDataList.Open
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" & strComputer _
& "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTLogEvent WHERE TimeWritten >= '" _
& dtmStart & "' AND TimeWritten < '" & dtmEnd & "'")
For Each objEvent In colLoggedEvents
' Read each event into the disconnected recordset.
objDataList.AddNew
objDataList("Date") = objEvent.TimeWritten
objDataList("Event") = objEvent.EventCode
objDataList("Source") = objEvent.SourceName
objDataList.Update
Next
' Sort the dataset by TimeWritten
objDataList.Sort = "Date"
' Enumerate disconnected recordset and display sorted events.
objDataList.MoveFirst
Do Until objDataList.EOF
Wscript.Echo objDataList.Fields.Item("Date") _
& "," & objDataList.Fields.Item("Event") _
& "," & objDataList.Fields.Item("Source")
objDataList.MoveNext
Loop
=======================
Again, it can take a long time to process the event logs. For more
information on using WMI to read the logs, see:
http://www.microsoft.com/technet/scriptcenter/guide/sas_log_overview.mspx
You can specify which event logs to process with a clause similar to "WHERE
LogFile = 'System'" in the SELECT statement. If you are dealing with some
other comma delimited log, you can use the FileSystemObject to read the text
file, and use the Split function to break up each line into an array.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
.
- Follow-Ups:
- Re: How to sort a comma delimited text file?
- From: Per Hagstrom
- Re: How to sort a comma delimited text file?
- References:
- How to sort a comma delimited text file?
- From: Per Hagstrom
- How to sort a comma delimited text file?
- Prev by Date: problems with vbscript if statement
- Next by Date: Thanks
- Previous by thread: How to sort a comma delimited text file?
- Next by thread: Re: How to sort a comma delimited text file?
- Index(es):
Relevant Pages
|
